London Attacks Raise Concerns of U.S. Vulnerability


Lack of funding, failure to commit to better 
security make transit systems prime targets 





BY JAIKUMAR VIJAYAN 
Last week’s terrorist attacks on the rail and bus systems in London highlighted both the vulnerability of the U.S. rail system and the enormous IT challenge involved in defending it, security and terrorism experts said.

Nearly four years after the 9/11 terrorist attacks and about 16 months after the Madrid train bombings that killed 191 people, U.S. commuter rail systems remain dangerously vulnerable due to a lack of funding and a failure to commit to securing them, experts said. At the same time, the open nature of public transit systems makes them extremely difficult to defend.

“London far and away has been the best-prepared juris-
London, page 16


Last week’s attacks in London, including the bombing of a 
double-decker bus, highlight security challenges that extend to the U.S. 
Some companies have piled on as many as five levels of defense to keep viruses, adware, spam and spyware out of corporate e-mail networks. Check out the latest strategies for blocking malware. Page 25


New Battle Brews Over UCITA, 
Software Licensing Terms 


Some users worry that act could be cited by default in courts

BY PATRICK THIBODEAU
A new legislative battle is looming over the controversial UCITA software licensing law. But this time, it’s software users, not vendors, who are poised to attack.

The push for state-by-state adoption of the Uniform Computer Information Transactions Act was abandoned nearly two years ago because of widespread opposition [QuickLink 40364]. But the group of software users that led that opposition has since been quietly drafting its own model software-licensing law. Its concern is that courts may use UCITA as a reference point in legal disputes, giving vendors a victory through the legal system that they couldn’t gain in state legislatures.

“That battle against UCITA is still going on; it’s just taken another form,” said Riva Kinstlick, vice president of government relations at Prudential Financial in Newark, NJ.

“People are starting to be con-
UCITA, page 53

After the Fact
In the Management section: “Postgame” analysis of IT projects has never been popular, and tight budgets make it less so, but companies that make the effort say having key players weigh in is well worth it. Page 39

Big-Time Storage on the Cheap
In the Technology section: An increase in functionality and a drop in component prices is making midrange storage networks a bargain, say IT leaders such as Ameritrade CIO Asiff Hirji. Page 28

NEWS

6 A wireless project for CSX’s truck drivers delivers substantial ROI.

Hybrid discovery tools mix active and passive detection.

A Florida county violates a state e-voting law by refusing to buy specialized voting machines.

A rocky PeopleSoft ERP rollout leads to underwhelming financial results for GTSI, a government IT products and services provider.

A new health care deal is struck to develop a system for administering patients’ medications.

Good Technology makes a move in the wireless market by offering support for Microsoft smart phones and Lotus Notes.

Q&A: The founders of SeaCode, a start-up that will offer floating offshore IT services, discuss their business model and what life will be like for their seafaring employees.

Microsoft courts midsize companies with a Windows Server System promotion.

Global Dispatches: The European Parliament overwhelmingly defeats a software patents bill.

Oracle plucks another retail industry software firm, and this time, it’s profit optimization vendor ProfitLogic.

technologies for fighting malware are improving, no single strategy is enough to safeguard IT systems. As a result, companies are layering on multiple defenses.

32 Security Manager's Journal: IDS Pays Off, Even if There’s No Hacking. The intrusion-detection system that Mathias Thurman’s company uses shows its value when the security team sets out to mitigate the effects of a nasty worm.

34 QuickStudy: AJAX. Asynchronous JavaScript and XML is an approach to developing Web applications in which client Web pages are modified incrementally rather than being replaced entirely every time an update is necessary.

MANAGEMENT

42 IT Mentor: Grass-Roots Governance. The discretionary budget can be a treacherous territory with no rules, no winners and lots of hard feelings between IT and business. John Sullivan of Reynolds and Reynolds tells how his group got a handle on it.

46 Career Watch. Computerworld Premier 100 IT Leader Jesus V. Arriaga offers advice on how to become a CIO; the hiring outlook brightens; and the ITAA reports that IT still lags in hiring women and most minorities.

OPINIONS

8 On the Mark: Mark Hall reports that one company thinks it can lead the way to IT self-service for end users by treating applications like data.

20 Don Tennant thinks young coders have a lot to learn from Cobol veterans.

20 David Moschella has a reminder for anyone who's worried about the rising power of China and India: We've heard such dire warnings before.

Michael Gartenberg cautions that the technology you give your users is only as good as the training they get.

36 Curt A. Monash says the use of new data sources can provide a huge boost to business profitability and success.

48 Bart Perkins argues that having a single pool of capital ensures that IT program funding is based on business benefits, not technical merits.

54 Frankly Speaking: Frank Hayes suggests that it’s possible to channel users’ fear, anger and distrust about security problems so they’ll make themselves more secure.

How Should You Break The Bad News?
PRIVACY: Notify your customers the right way, and they’re more likely to stick with you even if their personal information has been compromised, columnist Larry Ponemon says. QuickLink 55301

Career Marketing 201
CAREERS: Korn/Ferry International’s Jack H. Cage says that identifying key accomplishments and being able to clearly convey them will improve your networking experiences. QuickLink 55047

The Project’s Red. Tag! You’re It
MANAGEMENT: Michael Patterson and Patricia Pruden suggest ways to clarify who has responsibility for a business unit’s project. QuickLink 55291

WEBCAST: You may think terrorism is the domain of government agencies, but author Dan Verton warns you to be aware of your role in protecting the national cyberinfrastructure. Available as a free webcast. QuickLink a5810

How to Evaluate Intrusion-Prevention Systems
SECURITY: Before making a big investment in defense technology, Bob Walder of The NSS Group suggests asking several key questions.

Fujitsu to Offer SUSE Linux

Fujitsu Ltd. will begin offering Novell Inc.’s SUSE Linux Enterprise Server software and support services for Fujitsu PrimeQuest and Primergy servers in September. Fujitsu currently offers Windows and Red Hat Linux software development and support services for the Intel-based servers.

Microsoft Prices Data Protection App

At its Worldwide Partner Conference on Friday, Microsoft Corp. said that System Center Data Protection Manager, its forthcoming disk-based backup and recovery server software, will sell for about $950. That includes a DPM server license and three management licenses. Microsoft also demonstrated the forms functionality due in its next Office release. It lets users enter and edit information from within a browser without using its InfoPath client.

Dell Ships Its First Dual-Core Server

Dell Inc. this week will ship its first server with dual-core chip technology from Intel Corp. A single-socket system designed for small-business use, the PowerEdge SC430 should offer performance that’s about 40% better than that of a single-core CPU, Dell said. Pricing starts at $499. Systems for midsize and large companies are due later this year.

Short Takes

CISCO SYSTEMS INC. Chief Technology Officer Charles Giancarlo will become chief development officer on July 31, replacing the retiring Mario Mazzola. ... A U.S. Securities and Exchange Commission inquiry into an alleged periodic reporting violation by BUSINESS OBJECTS SA ended with no recommendations for enforcement action. ... BORLAND SOFTWARE CORP. reported lower-than-expected quarterly revenue and said CEO Dale Fuller stepped down.

CSX Wireless Project Delivers Quick ROI

Use of BlackBerries grows productivity, lowers turnover

BY MATT HAMBLEN
ONE YEAR after spending $400,000 on a wireless project designed to speed up communications with 450 independent truck drivers and cut costs, CSX Corp. reported last week that it may have hit a bonanza.

Jacksonville, Fla.-based CSX said the wireless notification application from Air2Web Inc. in Atlanta has cut the number of phone calls truckers make to the CSX Intermodal call center from 20,000 a week to 11,000, said John Dugan, technical director for intermodal applications at CSX Technology Inc.

And because drivers can now send short text messages and e-mail via Research In Motion Ltd. BlackBerry devices, they each save about an hour per day that they once spent waiting for a dispatcher, Dugan said. That alone improved driver productivity by 400 hours per day — a major reason why driver turnover dropped from 80% to 50% in the past year, he said.

“Fifty percent turnover is still terrible but a big improvement,” Dugan said.

Dugan said he believes these productivity gains have helped CSX cover its initial investment “and then some” in just one year. “This technology has exceeded our expectations in terms of payback, new revenue and productivity,” he said. “It’s definitely helping our business ... since drivers are not answering phone calls and can do more jobs.”

[Photo caption] DUGAN says CSX covered its wireless investment in just one year.

CSX’s achievement is noteworthy, given that a 15% to 20% return on investment is considered very good for such projects, said Jack Gold, an analyst at J. Gold Associates in Northboro, Mass. Deployments of wireless systems for use by field personnel can be highly effective because they usually replace paper processes or a middleman, such as a call center operator.

CSX call center operators who suddenly saw a reduction in the volume of calls they handled have been moved to other jobs, Dugan said.

Intermodal truck drivers may make several trips a day of 40 to 80 miles each, carrying goods from a rail depot to a warehouse or store. With the wireless application, they can be notified instantly when leaving a location with no load and redirected to quickly find another load nearby.

Many of the drivers had cell phones, but they agreed to buy the BlackBerry hardware and pay for the monthly data service out of their own pockets, Dugan said. The drivers pay $49 per month for unlimited data service and $49 to $100 for the BlackBerry hardware.

CSX estimates that about 500,000 loads have been dispatched using the wireless system, which connects to an existing dispatch system called Pegasus. Early next year, CSX plans to add the ability to capture signatures digitally with a Bluetooth-enabled pen device so drivers can be paid faster. And it will add a Bluetooth-enabled bar code reader for scanning shipment documents easily. @ 55424

Hybrid Discovery Tools Make Debut

Software combines active and passive detection methods

BY MATT HAMBLEN
Two small management software vendors will announce products today that discover IT system components using a hybrid of active and passive detection approaches instead of just one.

San Jose-based NLayers Inc. is releasing NLayers InSight 4.0, which will feature a new hybrid active/passive discovery capability. Separately, Atlanta-based Insightix Ltd. will release Dynamic Infrastructure Discovery, a new product that includes its Insightix Collector for active and passive network discovery.

NLayers focuses on gathering detailed configuration information about servers and the applications running on them. Insightix, on the other hand, is focused on a real-time inventory of network software and hardware, said Jean-Pierre Garbani, an analyst at Forrester Research Inc.

Garbani said the hybrid approach seems to be new in the market and “will be a good selling point.”

Active discovery was added to passive in the new version of InSight, “so IT departments no longer have to make a decision between active or passive,” said NLayers CEO Gili Raanan.

NLayers sells InSight as an appliance with a starting price of $95,000. Insightix sells software that starts at $4,000 for 100 devices.

Looking for Detail

The Museum of Modern Art in New York manages 100 servers with a prior version of InSight but wants to move to Version 4.0. CIO Steven Peltzman expects to use the hybrid discovery tool to get more-detailed information on irregularities on a particular server.

Peltzman chose the NLayers product after considering the Insightix offering. “We never got the ball rolling with Insightix,” he said.

Brad Martin, senior security analyst at Chick-fil-A Inc. in Atlanta, is beta-testing the new Insightix tool at the same time the restaurant chain is upgrading the core of its network. “We want better visibility into the network and to be able to span multiple virtual LANs,” he said.

Chick-fil-A has 3,000 network nodes nationwide, with 1,000 in its Atlanta offices. Martin said he hasn’t made a decision whether to buy Insightix because he wants to upgrade his network first and then see the Insightix tool “in all its glory.” @ 55433

www.computerworld.com

Florida County in Legal Spat Over Purchase of E-voting Machines

Vote leaves county without touch-screen systems; handicap-rights group files suit

BY MARC L. SONGINI
The refusal to purchase specialized voting machines that comply with handicap-access laws has put a Florida county in the cross hairs of the state’s attorney general and handicap-rights groups.

On June 29, the Volusia County Council voted 4-3 against authorizing the purchase of 210 touch-screen systems from Diebold Election Systems. According to Florida state law, all counties were obliged to have at least one state-certified touch-screen machine in place by July 1. The Diebold systems meet the handicap-access requirement because they also house devices that enable blind voters to receive verbal prompts to help them vote.

The council declined to purchase the machines because they don’t generate a paper receipt. The majority of the council is joined by critics who maintain that the touch-screen systems can be rigged for political advantage [QuickLink 53796].

The National Federation of the Blind and others filed suit against the county last week in Orlando Federal District Court.

“This does put Volusia County in a very difficult position,” said a county government spokesman. The four-person majority was “not comfortable with the Diebold system, and now we’ve been sued, and we'll defend that action,” the spokesman said.

[Photo caption] THE DIEBOLD TOUCH-SCREEN SYSTEMS can be rigged for political advantage, critics such as the Volusia County Council say.

He said the council would prefer to buy a hybrid optical-scan system called AutoMark, which is made by Vogue Election Systems LLC in Glen Ellyn, Ill. AutoMark has an audio component to enable the blind to vote, but the system hasn’t been certified by Florida.

None of the four council members who voted down the purchase responded to a request for comment.

Florida Attorney General Charlie Crist issued a letter dated June 30 to council Chairman Frank Bruno, stating that the refusal could subject the county to liability for a civil rights violation.

A Vote for Diebold

Ann McFall, the county supervisor of elections, is urging the purchase of the Diebold machines. She said she directed her attorney to ask a federal judge in Orlando to either force the county to buy them or allow the next election, which is scheduled for Oct. i, to take place without them.

A spokesman for McKinney, Texas-based Diebold said the touch-screen machines have been used for 20 years and are completely reliable. In addition, the Diebold AccuVote-TS and TSX machines provide an internal paper receipt and can generate a hard copy of every vote cast via printer, he said.

Volusia County isn’t alone in refusing to comply with the July 1 deadline. By emphasizing just touch-screen technology, the state has taken a “heavy-handed approach” to enforcing handicap voting accessibility, said Ion Sancho, supervisor of elections in Leon County, which uses optical scan devices. He wants the paper trail and is holding out for certification of the AutoMark systems.

“Voters demand that we can account for every vote 100% accurately,” Sancho said. “And my goal is to make sure the votes are counted as intended.” @ 55423

GTSI Blames Rough PeopleSoft Rollout for Financial Shortfall

Customer relations hurt by flawed ERP implementation

BY MARC L. SONGINI
A challenging $10 million rollout of PeopleSoft ERP software at a government IT products and services provider hurt the company’s bottom line, disrupted customer relations and will delay it from achieving its long-term financial goals.

Chantilly, Va.-based GTSI Corp. last week announced that its second-quarter financial results would be “negatively impacted” by lower bookings and shipments that were the result of “internal distractions and other difficulties” caused by the software implementation. The PeopleSoft software is now part of Oracle Corp.’s portfolio.

Moreover, GTSI said in a statement that its plan to double its revenue to $2 billion by 2007 is now in jeopardy.

“The second quarter has been a tough one for our customers, vendor partners and employees,” said Dendy Young, chairman and CEO of GTSI. “We have been experiencing difficulties in delivering products to many customers in a timely manner due to software problems with our ERP implementation. This has caused disruption to some customer relationships.”

Reports Delayed

The problems have been so severe that on May 31, the company announced that it couldn’t provide monthly revenue, backlog and booking reports because it couldn’t validate the data generated by the ERP system.

GTSI bought the PeopleSoft ERP software in July 2004. Before it was rolled out, the company used an “unsupported legacy platform” so heavily customized that only its internal staff could maintain it, said a GTSI spokesman. The legacy software also couldn't scale sufficiently.

The company expected the new software to help increase productivity by allowing more-proactive supply chain management, enabling customer and vendor profitability assessments and improving order management operations.

However, because the software was geared more toward manufacturing, GTSI had to reconfigure it to support reseller operations. “That’s part of what you find in these situations,” said the spokesman. “You go through alterations of the product, and you encounter difficulties.”

Without elaborating, he said those difficulties included both software bugs and procedural errors. PeopleSoft also connects to a number of third-party systems that support GTSI’s distribution center.

“We’ve worked through an awful lot of issues in the last several months,” in part by using Oracle/PeopleSoft support, he said. Although the company has been able to handle orders through the rollout and continues processing shipments, it is doing so at a reduced rate.

[Pull quote] “We have been experiencing difficulties in delivering products to many customers in a timely manner due to software problems with our ERP implementation. This has caused disruption to some customer relationships.”
DENDY YOUNG, CHAIRMAN AND CEO, GTSI CORP.

The spokesman offered no estimate of how much money GTSI has spent to address problems related to the ERP software implementation. However, in the 10-Q form it filed with the U.S. Securities and Exchange Commission on May 9, GTSI did say the implementation “has consumed resources, diverted management’s attention and increased our training costs.”

The company said that it believes it has solved most of its operational problems. And the spokesman reported that GTSI still expects to double its revenue, although “it’s taking a little longer than anticipated.”

GTSI plans to close its books for the second quarter by Aug. 9.

“It’s clear this was an implementation that ran amok,” said Joshua Greenbaum, an analyst at Enterprise Applications Consulting in Berkeley, Calif. “It indicates a lack of proper planning and lack of good management, and this is all the more shocking because this is a technology service company.”

Oracle declined a request for comment. @ 55435

Broadcom Files Suit Against Qualcomm

Broadcom Corp. has filed an antitrust suit against chip maker Qualcomm Inc. In a complaint filed in the U.S. District Court in New Jersey, Broadcom accused Qualcomm of abusing the process for setting wireless standards, failing to license technologies for cellular wireless standards on fair and reasonable terms, and conducting other anticompetitive practices.

Chinese Gov't Joins Antispam Effort

The Chinese government has joined the London Action Plan on Spam Enforcement Collaboration, an international antispam effort started by the U.S. and U.K. governments. The effort was launched last October to improve investigative expertise and coordination among worldwide groups. The Union Network Beijing will represent China in the organization.

Mercury Lowers Q2 Revenue Estimate

Blaming a sales shortfall in Europe, Mercury Interactive Corp. has scaled back revenue estimates for its second quarter. The company also said a corporate restructuring will result in undisclosed third-quarter charges. Mercury said it now expects second-quarter revenue of $200 million to $205 million, compared with its April guidance of $205 million to $215 million.

Symantec-Veritas Merger Closes

Symantec Corp. named six former Symantec directors and four former Veritas Software Corp. directors to its 10-member board following the completion of its merger with Veritas. As previously announced, John Thompson will remain as chairman and CEO of the enlarged Symantec, while former Veritas CEO Gary Bloom becomes vice chairman and co-president.


NEWS

HOT TECHNOLOGY TRENDS, NEW PRODUCT NEWS AND INDUSTRY BUZZ BY MARK HALL

Gets a Boost...

... this fall when Softricity Inc. releases its ZeroTouch module as part of its SoftGrid software. David Greschler, vice president of corporate marketing at the Boston-based vendor, explains that ZeroTouch builds on SoftGrid’s critical capability to “treat applications like data.” SoftGrid’s Sequencer module “packages” applications to run on SoftGrid servers, which replace traditional app servers and work with agent code on end-user machines to create virtual applications. When users click on a program that’s on a SoftGrid server, the application loads instantly on the PC. SoftGrid knows whether the machine is a laptop or a PC and can set a time limit for how long an app can reside on a mobile device before being disabled. With the arrival of ZeroTouch, end users won’t need to hassle IT with requests for application access; the module provides end users with a menu of available apps. Because of SoftGrid’s packaging and virtualization process, IT doesn’t need to provision the end user’s machine, nor does it have to worry about registry problems or broken DLLs resulting from application conflicts. Plus, ZeroTouch gives IT the option to appoint workgroup managers within business units to approve application access for end users, taking IT out of an occasionally political process. SoftGrid starts at $200 per user.

Autonomous computing a distant...

... possibility, maybe eight to 10 years in the future. So says Hiep Vuaong, chief technology officer at Net Integration Technologies Inc. in Markham, Ontario. His vision of true autonomous computing means, for example, that when IT adds a server to a network, the machine automatically detects where its resources will be best used, provisions itself, maintains continuous awareness of its condition and network, and adjusts itself accordingly. Vuaong says Nitix, as his company is called, is proposing its UniConf open-source tool (www.open.nit.ca/wiki) as a step toward true autonomous computing. UniConf does for network resources what LDAP did for end users on the network, Vuaong claims. He says IT can use UniConf to manage resources to minimize software conflicts when provisioning new systems, because the tool knows what works well with what. And what doesn’t. Vuaong admits that the idea of a small Canadian company competing with the likes of IBM in the realm of autonomous computing might seem a tad quixotic. But he hopes Nitix’s open-source approach gives it a distinct advantage over proprietary approaches.

Free ERP software being given to 800...

... companies that qualify. That’s the offer from Larry Pettit, CEO of Carillon Financials Corp. in Richardson, Texas. He says his product competes toe-to-toe and feature-for-feature with ERP products from J.D. Edwards, Lawson, Oracle and others. J.D. Edwards users, he notes, have shown particular interest in the wake of the PeopleSoft/Oracle merger whirl. Pettit says that although his company has been in business since 1990, “we lack name recognition.” He claims that the promotion, which will give 300 enterprise and 500 workgroup licenses to the lucky companies, is not a gimmick and
that the only requirement
standard one-year maintenance agreement. “We're just trying to get market share and visibility,” he says. The promotion ends on Sept. 30, and “it’s not too late to get in the running,” he says.

Traditional business intelligence...

... technologies are “dead, done, finished in the next 10 years,” predicts Anthony Deighton, vice president of marketing at QlikTech Inc. in Raleigh, N.C. Forget about grinding away for weeks building complex cubes or months creating sprawling data warehouses. Deighton claims that with the arrival of 64-bit systems and cheap RAM for PCs and servers, all you need is BI technology that can read every scrap of data into memory and tools that can query the data in any manner you wish. Naturally, Deighton claims that his QlikView tool does just that right now. He says the trick is the compression algorithms developed by Swedish parent company QlikTech International AB. QlikView, he says, achieves a 10-1 compression ratio, which means a 64-bit chip running Windows XP Professional x64 edition using 128GB of memory can load more than 1TB of data that QlikView can query. And the physical limit of RAM within 64-bit systems is theoretically more than 16 exabytes, larger than any known data warehouse. Given these new system capabilities and products like QlikView, Deighton speculates that the “doomed” entrenched BI vendors are part of a natural technology cycle. “The incumbent never wins,” he concludes. @ 55403

[Photo caption] posits that old-line BI vendors are dying.

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GE, Health Care Firm Partner 
‘To Develop Medical IT Systems 


Medication administration system is 


BY HEATHER HAVENSTEIN 

E HEALTHCARE 

and Intermountain 

Health Care Inc. last 

week unveiled plans 
to develop an electronic sys- 
tem for administering patients’ 
medications. The project will 
be the first one the companies 
undertake as part of a 10-year, 
$100 million deal that calls for 
them to work together to de- 
velop an integrated clinical in- 
formation system. 

The electronic medical ad- 
ministration record (EMAR) 
system will be developed at a 
new joint clinical research 
center in West Valley, Utah, 
and deployed at IHC’s 21 hos- 
pitals and 100 clinics and 
physician practices in Utah 
and Idaho. 

First announced in Febru- 
ary, the agreement between 
the two companies also calls 
for them to work together on 
electronic prescription tech- 
nology and electronic medical 
record systems that eventually 
will be marketed commercial- 
ly by GE. 


What the Doctor Ordered 
The EMAR system will couple 
handheld devices and bar- 
coding technology with de- 
tailed patient histories to help 
avoid medication errors at the 
bedside. It will use back-end 
data on drug allergies and 
other patient information 
from a new pharmacy system 
that GE has deployed at one 
IHC hospital and will install at 
its other hospitals throughout 
2006, said Giri Iyer, general 
manager for strategic develop- 
ment at GE Healthcare in 
Chalfont St. Giles, England. 
Marc Probst, CIO at Salt 
Lake City-based IHC, said the 
EMAR system will increase 
the probability that nurses will 
give the right medication to 





the right patient at the pre- 


| scribed time. Because GE 
| technicians will be working 


alongside IHC nurses and 
doctors in the new research 
center, the health care net- 
work can ensure that the re- 


| sulting integrated clinical sys- 
| tem will correspond with its 


health care workflows, he said. 
By using an integrated sys- 
tem, IHC will be able to im- 
prove care by expanding the 
information it collects about 
patients, Probst added. 
“It would have been less 


| costly to go buy an off-the- 
shelf package,” he said. “But 
the ability to have discrete 
data and use that in a deci- 
sion-support system will be 
key to our success.” 

GE plans to have an EMAR 
system in production in at 
least one of IHC’s hospitals by 
the end of 2006. The first ver- 
sion of the clinical informa- 
tion system is expected to be 
available sometime in 2007, 
Iyer said. 

However, David Garets, 
president and CEO of Chicago- 
based research firm HIMSS 
Analytics LLC, said GE likely 
will face challenges marketing 
the medication administration
tools developed under the 
deal. The pharmacy system 
must be interoperable with 
hospital clinical data reposito- 
ries and nursing documenta- 
tion systems, he said. The 
problem is that many hospitals 
have already chosen to use 
electronic medical record 
tools from a variety of ven- 
dors, he added. 

“No one has been able to fig- 
ure out how to interface them 
from different vendors,” Garets 
said. “Unless GE can displace 
those systems, they are not go- 
ing to be able to sell pieces 
and parts into someone else’s 
implementation and have it
work very well.” @ 55425





Good Technology Plans Wireless
Support for Smart Phones, Notes


BY MATT HAMBLEN 

Good Technology Inc. today
will announce wireless messaging
support for Microsoft Corp. smart phones as well
as an acquisition designed to
enable wireless Lotus Notes
e-mail access.

The moves are aimed at bet- 
ter positioning Good, whose 
existing customer base of 
6,500 large companies can al- 
ready access e-mail through 
Microsoft Outlook and a vari- 
ety of wireless handheld de- 
vices — including those of 
rival Research In Motion Ltd. 

Santa Clara, Calif.-based 
Good will announce the acqui- 
sition today of key technolo- 
gies and personnel from Dal- 
las-based JP Mobile Inc. It will 
use those resources to enable 
its GoodLink wireless e-mail 
service to support the Lotus 
Domino server, a company 
spokeswoman said. 

Financial details of the ac- 
quisition were not announced 
in advance. 

Eventually, Good hopes to
offer wireless support of Novell
Inc.’s GroupWise e-mail
system, giving its users access 
to three major e-mail services, 
the spokeswoman said. 

Good will also announce 
GoodLink 4.5 for Microsoft’s 
Windows Mobile smart 
phones, adding to support it 
already provides for devices 
that run on the Palm 
OS and Windows 
Mobile Pocket PC 
operating systems, 
company officials 
said. 

Adding support for 
Notes gives Good ac- 
cess to perhaps 40% 
of the e-mail market, 
said Kevin Burden, 
an analyst at IDC. 
And it’s a necessary 
move, since Micro- 
soft has taken steps 
to support Outlook 
wirelessly in its 
forthcoming release 
of Service Pack 2 
for Exchange Server 
2003, he added. 





smart phone with 
GoodLink software. 


Microsoft will still require a 
connection to the Windows 
Mobile operating system, 
however, whereas Good is 
compatible with a variety of 
operating systems, he said. 


Integrating Smart Phones 
Laurence Barron, director of 
IT infrastructure and opera- 
tions support at Priority 
Healthcare Corp. in 
Lake Mary, Fla., said 
he plans to add smart 
phones with Good- 
Link e-mail access 
for sales personnel 
and executives. Cur- 
rently, 50 people at 
Priority Healthcare 
use a variety of hand- 
helds. Smart phones 
are usually defined 
as text- and voice- 
enabled devices that 
have 12 number keys 
instead of 26 or more 
alphabetical keys. 
■ IHC is working on plans to
exchange clinical information
with 500 physicians employed
by the health care network and
2,000 who have privileges at
its 21

■ The two are considering developing
digitized radiology and
cardiovascular information

■ IHC expects to extend its
clinical information system
to automating the operation of
devices like pumps and monitors.

Priority Healthcare
has been testing several
smart phones for
the past month, according to
Barron, who said he likes the 
GoodLink system because it 
allows him to connect new 
smart phones and existing 
handhelds to one GoodLink 
server. The company could 
add as many as 50 new smart 
phones, and Good’s system al- 
lows provisioning for new 
users wirelessly, which can cut 
support costs, he said. 

Barron said he has found 
Good’s service to be less ex- 
pensive than RIM’s, adding 
that it could potentially save 
his company “tens of thou- 
sands” of dollars a year. 

Burden said Good and Wa- 
terloo, Ontario-based RIM face 
a number of competitors, in- 
cluding Visto Inc. and Seven 
Networks Inc. That list will 
eventually include Microsoft, 
he noted. 

GoodLink 4.5 for Windows 
Mobile smart phones will be 
available next month on Mo- 
torola MPx220 and Audiovox 
SMT5600 devices, with wire- 
less service provided by Cin- 
gular Wireless LLC in the U.S. 

Good also will announce 
today that Sprint Corp. will 
market and sell the GoodLink 
service to business customers. 


@ 55436 
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SeaCode Redefines Nearshore 
With Floating IT Workforce 


Founders promise ‘the price of India 
with the proximity of the United States’ 





BY PATRICK THIBODEAU 

What San Diego-based start-up 
SeaCode Inc. plans to do is 
nothing if not novel: anchor a 
cruise ship three miles off the 
coast of Los Angeles, fill it with 
up to 600 programmers from 
around the world, eliminate 
visa restrictions and make it 
easy for customers to visit the 
site via water taxi. The two men 
behind the venture — Roger 
Green, who describes himself as 
an IT and outsourcing veteran, 
and IT consultant David Cook, 
whose job history includes a 
stint as a ship captain — re- 
cently discussed their plan in an 
interview with Computerworld. 


What is the business model? 
GREEN: The promise of the 
benefits of outsourcing in dis- 
tant lands doesn’t come free. 
Most of the gotchas are relat- 
ed to the geography and to the 
cultural difference. 


What are some of those gotchas? 
GREEN: Communicating re- 
quirements, doing knowledge 
transfer [and] managing the 
project are very difficult to do 
even when you are in the same 
building, [let alone] when it’s 
across the world. 


That's the same argument
made by nearshore providers in
Canada. COOK: But we offer the 
price of India with the prox- 
imity of the United States — 
that’s the differentiator. 


How does that work? GREEN: 
The model is based on making 
a platform, if you will, to 
house these engineers, this 
workforce, which is very close 
to the U.S. but which is in fact 
not in the U.S. We can pull 
programmers and engineers 
from anywhere in the world. A
fact of life is there are different
skills that are stronger in
one country versus another.


Do you have a ship yet? COOK:
No, but we have one in mind.
We hope to have it set up and
ready to run by the beginning
of [next] year. She is a used
cruise ship.


Why anchor three miles off the
coast? COOK: It’s just more expensive
for us to sit alongside
a dock, because you have to
pay for the berth space.


Does U.S. labor law apply? COOK: 
U.S. labor law does not apply
except on a U.S. flagship. The
flag of the ship will provide 
the labor law — more than 
likely [the ship will be regis- 
tered in] Vanuatu, the Ba- 
hamas or Marshall Islands. 
Their intellectual property 
laws, as well as the laws gov- 
erning seamen, are very simi- 
lar to the United States’. 





What will life be like for your em- 
ployees? COOK: The pay is 
about three times what they 
earn in India today. Each one 
will have their own room. 
They will get meals provided 
for them, cleaning provided 
for them, shore leave, laundry 
and the facilities of a cruise 
ship. This ship is a working 
cruise ship that we’re going to 
buy. There will also be a doc- 
tor on the ship. The normal 
working shift will be 10 hours. 


What is the salary? COOK: Ap- 
proximately $1,800 a month. 


What is your pricing going to be 
relative to India? GREEN: We 
will be approximately the
same price as the distant-shore
companies. We will take
a little less margin than they 
do. 



Do you expect U.S. residents to 
apply? COOK: Absolutely. Ap- 
proximately 50% of the ré- 
sumés that we’ve received are 
from U.S. residents. 


Are you expecting any legislative 
efforts to block what you’re do- 
ing? GREEN: We’re not going 
into business for political rea- 
sons. What we’re trying to do 
is accomplish several things: 
provide new jobs for Ameri- 
cans; [provide] a better deal 
for American companies that 
need to be successful in engi- 
neering new products to be 
competitive in a global mar- 
ket; and third, we want to keep 
the dollars spent on this in the 
United States. This is a step in 
the right direction and is not, 
in fact, part of the flow over- 
seas. @ 55426 








Microsoft’s Server Promo Targets Midsize Companies 


BY CAROL SLIWA 
MINNEAPOLIS 

Following the success of
its software package aimed
at small businesses, Microsoft
Corp. last week made its first 
concerted effort to court 
midsize companies with a 
Windows Server System 
promotion. 

Companies with 25 to 250 
PCs will be targeted with the 
new discounted offer for a single
stock-keeping unit (SKU)
that combines three copies of 
the standard edition of Win- 
dows Server 2003, one in- 
stance of Exchange Server 
2003 Standard Edition and the 
workgroup edition of Micro- 
soft Operations Manager 
(MOM) 2005. The promotion, 
due to start next month and 
announced at the company’s 
Worldwide Partner Confer- 
ence here, knocks about 20% 
off Microsoft’s Open volume 
license program prices. 

The bundle will also include 
50 combination client access 
licenses for Windows Server 
and Exchange Server and discount
options for additional
CALs, up to a limit of 250.

SOURCE: MICROSOFT CORP

“Microsoft has done fairly 
well with the small-business 
market by combining a host of 
SKUs within one integrated 
offering,” said Mika Krammer, 
an analyst at Gartner Inc. 
“They’ve dealt well with the 
large enterprise market, which 
has a lot of its own skills to se- 
lect and integrate technology. 
But the midmarket has been 
somewhat underserved by 
Microsoft.” 

Krammer said Microsoft will 
likely tweak the offering or 


Windows Server 
System Promotion 
WHAT IT INCLUDES: Three 
copies of Windows Server 2003 
Standard Edition, and one copy 
each of Exchange Server 2003 
Standard Edition and Microsoft
Operations Manager 2005 Work-
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CALs cost $76, with a limit of 250. 





add more bundled SKUs as it 
figures out the optimal mid- 
market package. In the mean- 
time, the existing promotion 
could hold appeal for Windows 
Server users upgrading from 
NT 4, or for NetWare users 
who are uneasy about follow- 
ing Novell Inc.’s Linux path, 
she said. But a midsize compa- 
ny would have to want all 
three server products in order 
to benefit, Krammer added. 


MOM Ices the Cake 
MOM’s price tag turned off 
C.E. Franklin Ltd. in the past, 
according to David Curran, 
manager of IT at the Calgary, 
Alberta-based distributor of 
supplies to the oil and gas 
drilling and production indus- 
try. Curran said he would like 
to get MOM because it could
ease administration and help
with system alerts at times of
trouble. 

C.E. Franklin is in the plan- 
ning stage to replace its aging 
NT 4 and Exchange 5.5 servers. 
But Curran said that with 320 
desktops, he will have to determine
whether the promotion
provides a better price than
other volume discount options. 

Realityworks Inc. in Eau 
Claire, Wis., was afforded an 
early opportunity through 
Microsoft partner Inacom In- 
formation Systems to take ad- 
vantage of the midmarket pro- 
motion to upgrade the NT 4 
and Exchange 5.5 servers that 
service its 58 desktops. MOM 
was “icing on the cake,” said 
Buzz Burce, the company’s 
only network administrator. 

Burce said that in the past, 
he had to set up monitors and 
alerts for each individual serv- 
er, but MOM will allow him to 
do that from a central place. 
“It’s just so much easier in one
place,” he said. 

In conjunction with the promotion,
Microsoft is also offering
supporting documentation
and tools to help midsize
businesses with their deployments.
The new guidance includes
the Midsized Business
IT Center Web site within Microsoft’s
TechNet and a book
titled Windows Server System
Deployment Guide for Midsized
Businesses. @ 55411
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European Parliament 
Trounces Patent Bill 


BRUSSELS 


THE EUROPEAN Parliament last
week overwhelmingly rejected in
a 648-18 vote legislation that critics
argued would have allowed widespread 
patenting of software in Europe. 

It has been one of the most contro- 
versial pieces of legislation in the his- 
tory of the European Union. Support- 
ers said the measure was essential to 
harmonize patent laws across the 25 
EU member states. Opponents, includ- 
ing many from the open-source soft- 
ware community, said that it would 
have allowed a wide range of computer 
programs to be patented 
and that it would have 
given large technology 
vendors too much power 
in the software market. 

The rejection brings to 
an end four years of work 
on the proposal, and the 
European Commission 
has said it won't try to 
draft a new version. 

As a result, patents for 
computer-related inven- 
tions “will continue to be 
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issued by national patent offices and 
the European Patent Office,” EU Com- 
missioner Benita Ferrero-Waldner said 
after the vote. There will be “no har- 
monization at the EU level,” she said. 
SIMON TAYLOR, IDG NEWS SERVICE


Undersea Cable Cut 
Hampers Pakistan Users 


BANGALORE, INDIA 

A SHIP’S ANCHOR cut the undersea
cable that provides most of
Pakistan’s Internet connectivity and
international telephone service on 
June 27, but the difficult repair work is 
under way and is expected to be com- 
pleted this week. 

The damage to the 
cable has crippled Pak- 
istan’s economy, particu- 
larly its call center indus- 
try, banks and online 
stock trading, said V.A. 
Abdi, secretary of the In- 
ternet Service Providers 
Association of Pakistan 
in Karachi. The country 
has to make do with 
the 10OOMbit/sec. of 
bandwidth provided by 
satellite, instead of the
775Mbit/sec. of bandwidth that
Pakistan had before the cable break, Abdi
said in a telephone interview last 
week. 

The repair crew has been hampered 
by a monsoon and shallow water at the 
site, which has made it difficult to nav- 
igate the repair ship. 

JOHN RIBEIRO, IDG NEWS SERVICE


Sasser Worm Creator 
Convicted in Germany 


PARIS 
A GERMAN TEENAGER who confessed
to creating the Sasser computer
worm was found guilty of
three counts of computer sabotage and 
four counts of data manipulation. He 
was given a suspended sentence of 21 
months. 

Sven Jaschan, 19, was sentenced at 
the district court in Verden, Germany,
last week after a brief trial [QuickLink 
55302]. Jaschan was released on three 
years’ probation and must perform 30 
hours of community service, a court 
statement said. He could also face civil 
lawsuits from companies whose IT 
systems were infected by Sasser, which 
spread on the Internet in May 2004 
and crashed hundreds of thousands of 
computers worldwide by exploiting a 
hole in Windows. @ 55405 
PETER SAYER, IDG NEWS SERVICE
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Briefly Noted 


Wipro Ltd., India’s third-largest 
software and services outsourcing 
firm, has lost a key executive. The 
Bangalore-based company’s vice 
chairman and CEO, Vivek Paul, is 
leaving to become a partner at 
Texas Pacific Group, a private in- 
vestment firm in Fort Worth, Wipro 
announced late last month. 

JOHN RIBEIRO, IDG NEWS SERVICE


The Peacock Group PLC, a fast- 
growing clothing and housewares 
retailer based in Cardiff, Wales, has 
selected fraud-detection software 
from Innovetra Ltd., a retail business 
intelligence software vendor in Lon- 
don. The software analyzes point- 
of-sale data overnight and reports 
suspicious activity the next morning. 


China's Sino-India Cooperative
Office recently announced a joint 
venture with Microsoft Corp. and 
Tata Consultancy Services Ltd., an 
outsourcing firm based in Mumbai, 
India, to offer IT outsourcing ser- 
vices to global and domestic cus- 
tomers. The venture will start early 
next year at Beijing’s Zhongguan- 
cun Software Park. 





Oracle to Acquire Another Retail Software Maker

ProfitLogic purchase follows Retek buy

BY STACY COWLEY
AND CAROL SLIWA

Oracle Corp. last week continued its foray into the retail industry with a deal to acquire privately held ProfitLogic Inc., a Cambridge, Mass.-based developer of profit optimization software for retailers. Financial terms weren’t disclosed.

The acquisition follows Oracle’s high-profile purchase of retail ERP software maker Retek Inc. for about $670 million in April [QuickLink 53620]. ProfitLogic makes software that analyzes factors such as inventory, pricing and promotions to help retailers optimize their financial strategies and improve their profit margins.

Montreal-based Reitmans Canada Ltd., a retail chain with nearly 900 stores across Canada, uses software from all three companies that Oracle acquired this year — PeopleSoft, Retek and ProfitLogic.

The specialty retailer had good experiences during the PeopleSoft and Retek acquisitions, so it’s happy about the ProfitLogic purchase, said Diane Randolph, director of merchandising business processes.

“We trust they know how to acquire and merge businesses while still maintaining their customer service,” said Randolph. She added that before the acquisitions, “our IT shop was forced to do a lot of integration between these different pieces. Now we can expect a lot more of that integration to come with the solution.”

Reitmans is in the process of rolling out ProfitLogic software for “assortment execution,” to get “the right goods at the right time in the right stores,” Randolph noted.

She acknowledged that Reitmans will now be more dependent on one vendor and could lose some negotiating power in terms of pricing. “But we're confident that Oracle will respond appropriately, because they are still facing competition from SAP and others,” she said.


AT A GLANCE
Customer Gains

Oracle will be acquiring ProfitLogic’s relationships with high-profile retail customers such as these:


A Good Fit

ProfitLogic is a smart purchase for Oracle, according to retail analyst Alexi Sarnevitz at AMR Research Inc. He said that ProfitLogic’s analytics software is among the most sophisticated in the industry and that it will be complementary to Retek’s capabilities. Before buying Retek, Oracle had a limited presence in the retail industry. Now, in a matter of months, it has positioned itself as a major vendor in the sector, where rival SAP AG also competes. Oracle very publicly snatched Retek away from SAP in a bidding war.

Richard Flaks, senior vice 
president of planning, alloca- 
tion and IT at The Children’s 
Place Retail Stores Inc., said 
he’s still digesting the acquisi- 
tion news and wants to talk to 
ProfitLogic “to get an under- 
standing of why this is good 
for us.” The Secaucus, N.J.-based
retailer is “in the
eleventh hour” of implement- 
ing ProfitLogic software for 
markdown optimization. 

“I’m hoping that we don’t 
lose the charm of ProfitLogic,” 
he said. “They’re small and 
very services-oriented. I’m 
hoping there will be some 
benefits of leveraging the 
power of a large organization.” 
@ 55409 
Cowley writes for the IDG 
News Service. 
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IBM Adds Software 
For Gov't Agencies 


IBM announced last week a ver- 
sion of its financial controls com- 
pliance software that’s designed 
to help U.S. government agencies 
meet an Oct. 1 deadline for better 
financial reporting. The new ver- 
sion of IBM’s Workplace for Busi- 
ness Controls and Reporting soft- 
ware is aimed at federal agencies 
that have to comply with White 
House Office of Management and 
Budget regulations similar to 
those of the Sarbanes-Oxley Act. 


Linux Vendors Issue 
Critical Patches 


Gentoo Foundation Inc. has 
warned of a serious, unpatched 
security flaw in Zlib, a compres- 
sion library widely used in Linux 
and Unix applications. The bug 
could be exploited to crash any 
application using Zlib and to run 
malicious code on a system, se- 
curity experts warned. Ubuntu, 
Red Hat Inc., Gentoo, SUSE Linux 
AG, the Debian Project and The 
FreeBSD Foundation have issued 
their own patches to the library. 


Study: Threat of IM 
Attacks Increasing 


A study released last week found 
that hackers and virus writers are 
increasingly exploiting the oppor- 
tunities presented by instant-mes- 
saging-based attacks. The number 
of IM attacks such as viruses, 
worms and phishing scams has in- 
creased from 20 for all of 2004 to 
571 in the second quarter of 2005 
alone, said security vendor IMlogic 
Inc., which conducted the study. 


Short Takes 


CURRENT COMMUNICATIONS 
GROUP LLC, a provider of broad- 
band-over-power-line service, 
has received funding from Google 
Inc., Goldman Sachs & Co. and
The Hearst Corp. . . . SIEBEL 
SYSTEMS INC. warned of another 
set of grim quarterly results. It 
blamed delayed deals, particularly 
in the public sector. 





Continued from page 1 


London 


diction for dealing with these 
kinds of issues” for some time 
now, said Jack Riley, an analyst 
at Rand Corp. in Santa Moni- 
ca, Calif. Ever since a series of 
Irish Republican Army bomb- 
ings in London’s 
subways in the 
1970s, the city has 
been seen as a 
model when it 
comes to protect- 
ing public transit 
systems, he said. 

“The fact that terrorists 
were able to carry out some- 
thing like this in London is an 
indication of how difficult it is 
to predict and prevent this 
kind of attack,” Riley said. 

A series of four explosions 
rocked London’s public trans- 
port system on Thursday, 
killing at least 50 people and 
injuring 700 more. Three of 
the explosions occurred on 
London’s underground com- 
muter-rail system, while the 
fourth ripped through a dou- 
ble-decker bus. 


On Alert 


A lot of “common-sense mea- 
sures” have been taken in the 
U.S. since Sept. 11, 2001, and
the Madrid bombings in 
March 2004 to better protect 
public transit systems against 
such attacks, said Daniel
Prieto, research director of the
Homeland Security Partnership
Initiative at the Belfer
Center for Science and International
Affairs at Harvard
University.

Those measures include the
deployment of more security
guards and bomb-sniffing
dogs, public-awareness campaigns
and the installation
of better lighting and video-surveillance
cameras in stations, he said.

“But if you go out and talk 
to transit authorities nation- 
wide, the biggest impediment 
to better security is a lack of 
funding,” Prieto said. 

Increasingly, transit authorities
are looking for more money
for cameras; fences; hardened
tunnels; intrusion- and
radiation-detection systems;
tools for monitoring tracks,
cars and engines; and command-and-control
tools to
centrally manage security,
according to experts.

At a national level, the 
amount needed for such in- 
creased security is around 
$6 billion, according to the 
American Public Transportation
Association
(APTA), a non- 
profit group of 
1,500 member 
organizations in 
Washington. 

So far, the public 
transportation in- 
dustry has received only $250 
million in federal security 
funding since 9/11, compared 
with the more than $18 billion 
that has been provided to the 
aviation industry, the APTA 
said in a statement released 
after the London bombings. 

“Since 9/11, the federal government’s funding of transit security has been woefully inadequate,” APTA President William Millar said in the statement.

Mark Short, a spokesman for the U.S. Department of Homeland Security, said the APTA numbers “grossly underestimate” the investments made in transit security. For instance, more than $8 billion has been disbursed to state and local governments for use in antiterrorism measures, including rail, metro and subway systems.

Some of the security technologies being considered by the aviation industry are impractical for the public transit sector, Riley said. For instance, after the Madrid bombings, U.S. officials considered using technology capable of “sniffing” passengers for the presence of explosives.

“We are at least a decade away before we can even imagine using it in the context of mass transportation” because of the number of people involved, Riley said. The same is true for other technologies being eyed by the aviation industry, including continuous air-sampling tools and jamming products designed to prevent explosive devices from being remotely triggered.

The degree to which rail systems are trying to address the problem varies widely across the country, said Henry Nocella, chairman of the standing council on global terrorism at ASIS International, an Alexandria, Va.-based security organization with 33,000 members. “The simple fact is that progress has been made, but it is sporadic and it is not consistent,” he said.

Ultimately, the emphasis has to be on emergency response as well as prevention, said Bruce Schneier, chief technology officer at Counterpane Internet Security Inc. in Mountain View, Calif.
@ 55438


Attack in U.S. Would Tax Emergency
Tracking for Mobile Phone Users

IF ATTACKS SIMILAR to those that occurred last week in London were to happen in the U.S., it would be difficult for emergency crews to locate people trying to summon help via their cell phones, according to experts.

Despite efforts after the Sept. 11, 2001, terrorist attacks to beef up mobile services so cell phones could be used to help track down people, “we're in a sad state of affairs in the U.S.,” said Jack Gold, an independent analyst at J. Gold Associates in Northboro, Mass. “If we faced a major disaster like London and had to locate injured people on cell phones today, maybe one or two could be located, but the system couldn't handle hundreds of calls.

“Location [tracking] is not an easy thing to do,” he added.

Part of the problem with using enhanced 911 (E911) wireless services would be too many people making calls at the same time, Gold said. Also, technical complexities and costs have slowed efforts by wireless carriers to implement automatic systems that could be used to locate cell phone callers, Gold and other experts said.

“It's a very difficult problem, given the wireless infrastructure,” Gold said. “Don't count on being rescued with your wireless phone unless you know exactly where you are” and can tell an emergency operator clearly.


Not There Yet

Colleen Boothby, an attorney at Levine, Blaszak, Block & Boothby LLP in Washington, said wireless E911 is “a lot better than it was five years ago,” but she agreed that the service isn’t where public officials want it to be because of some “very technical issues.”

E911 tracking will become especially complex for voice-over-IP phones, which can be wired or wireless, Boothby and Gold said. The Federal Communications Commission in May set minimum standards to help determine the location of VoIP users, such as requiring VoIP providers to record a street address for a user when he signs up for service.

The dilemma of tracking cell phone users has led to new technologies, including one to be developed through a collaboration announced last week between TeleCommunication Systems Inc. (TCS) in Annapolis, Md., and Skyhook Wireless Inc. in Boston. Skyhook’s Wi-Fi Positioning System will be integrated with routing technology in TCS's VoIP E911 service, said Skyhook CEO Ted Morgan.

Skyhook locates and records thousands of Wi-Fi access points in major cities and keeps them in a database, so when a Wi-Fi call is made, the location of the access point and others nearby can be sent to emergency personnel, Morgan said.

- Matt Hamblen
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US. Effort to Create 
Animal ID System Lags 


Positive mad cow 
test prompts call 
to add resources 


BY MARC L. SONGINI 
AN AUTOMATED national
system for
tracking animals 
seems years away 
from being operational be- 
cause of numerous challenges. 
But some experts are pushing 
the U.S. to quicken the pace, 
since a cow tested positive 
for bovine spongiform en- 
cephalopathy (BSE), or mad 
cow disease, last month in 
Iowa. 

Although the Department of 
Agriculture has been actively 
working on a livestock-track- 
ing program since 2003, the 
U.S. continues to lag behind 
beef-producing rivals such as 
Japan, Australia and the U.K. 
[QuickLink 43786]. 

“The bottom line is that the 


Microsoft 


New version will 
have database 
marketing module 


BY PETER SAYER AND 

STACY COWLEY 

Microsoft Corp. last week out- 
lined plans to release a new 
version of its CRM software in 
the fourth quarter of this year. 
The upgrade will feature one 
module for managing direct 
marketing campaigns and an- 
other for scheduling person- 
nel and resources. 

The new version is a leap 
forward in numbering, too: 
Microsoft is jumping directly 
from the current Version 1.2 to 
Version 3.0. 








Customers will be able to 
use Microsoft CRM 3.0 either 
as a packaged product run in- 
house or as a hosted, subscrip- 
tion-based service. 


program needs to move ahead 
more quickly than it is,” said 
DeeVon Bailey, an agro-econo- 
mist at Utah State University 
in Logan, Utah. “If additional 
cases of BSE are confirmed in 
the U.S., it will provide addi- 
tional incentives to accelerate 
the implementation of the 
program,” he said. 


ID System in the Works 
The USDA project, dubbed 
the National Animal Identifi- 
cation System (NAIS), was of- 
ficially launched after the dis- 
covery of a case of mad cow 
disease in Washington state in 
2003 [QuickLink 43792]. The 
department is drafting a strate- 
gic plan and program specifi- 
cations; the deadline for public 
comments was last week. 

So far, the big challenges 
are securing adequate funding 
and selecting the right tech- 
nology. 

Although there is no official 








estimate, some observers have 
pegged the long-term cost of 
the NAIS project at $600 mil- 
lion or more. Cattle ranchers 
expect the system to be based 
primarily on radio frequency 
identification (RFID) tags, 
though the USDA says other 


a 


Previews CRM 3.0 


Analysts said the new ver- 
sion, which will begin ship- 
ping to Microsoft partners 
this month, may finally make 
Microsoft’s CRM offering 
competitive with other mid- 
market CRM systems. 

“The new product has fixed 
a lot of the holes,” said Sheryl 
Kingstone, an analyst at The 
Yankee Group. 

For example, in response to 
requests from users, the new 
version looks more like Micro- 
soft’s widely used Outlook 
personal information manager, 
said Brad Wilson, general 
manager of Microsoft CRM. 

A couple of Microsoft CRM 
1.2 customers said they’re 
looking forward to 3.0’s new 
features, particularly the tight 
Outlook integration. 

Darryl Nitke, CIO at Cosa Instruments Corp., a distributor of sensors, meters and industrial controls in Yaphank, N.Y., said he wants to be able to create a task in the CRM application and see the data replicated in his Outlook calendar automatically. 

Nitke said another feature 
in CRM 3.0 will enable sales- 
people to better manage their 
prospects by permitting every 
recorded contact with a client 
to be aggregated and arranged 
chronologically. 

He added that native sup- 
port for this feature could 
eliminate the need for a third- 










technologies such as optical 
scanning are also being re- 
searched. 

The USDA says a fully oper- 
ational system is slated to be 
ready in 2009, when partici- 
pants will be required to have 
both their premises and ani- 
mals logged into a national 
database that will enable a 
complete trace within 48 
hours. 

But the effort to reach that goal still faces considerable problems, according to industry insiders. 

A MAD COW CASE in the U.S. has renewed calls for an automated national tracking system for animals. 

To date, adequate funding 
for the program hasn’t been 
allocated, said Jess Petersen, 
director of government rela- 
tions at the Ranchers-Cattle- 
men Action Legal Fund, Unit- 
ed Stockgrowers of America, a 
trade and marketing group in 
Washington. 

A USDA spokeswoman said 
the government appropriated 
$33 million for the project in 
2005, with another $33 million 
included in the White House’s 
2006 budget. She added that 
the agency will let the indus- 
try decide on the technology. 

“There is still a major de- 
bate going on in the industry,” 
Robert Fourdraine, chief oper- 
ating officer of the Wisconsin 
Livestock Identification Con- 
sortium and a member of the 
NAIS subcommittee, said in an 
e-mail. “Certain groups feel 
USDA is going too fast, while 
others think too slow.” 

Participants in the effort to 
create the ID system exist in 
every state and include vari- 
ous industry associations and 
cattle-raising Native American 
tribes, the USDA spokes- 
woman said. @ 55396 





party tool that costs $50 per 
seat. 

The new version’s ability to 
do more detailed scheduling 
and its database schema ex- 
tension are of great interest 
to Rick Shrum, director of IT 
for the Seattle SuperSonics 
and Seattle Storm basketball 
teams. 

However, Shrum said that 
he has questions about what 
the process of upgrading from 
1.2 to 3.0 will be like. 

Microsoft is still deciding 
how the new modules will be 
priced and packaged, accord- 
ing to Wilson. 

The decision to skip ahead 
to Version 3.0 reflects the 
magnitude of the updates, he 
said. Late last year, Microsoft 
was preparing to release CRM 
2.0, but feedback from part- 
ners during alpha testing con- 
vinced Microsoft to delay the 
software to add new features, 
Wilson said. 

“A lot of what our partners had asked for were things that were already in our 3.0 road map,” he said. 

Microsoft claimed that 
about 4,000 organizations are 
running Microsoft CRM, and 
some analyst research sug- 
gests that the number could 
grow rapidly. 

In a recent Forrester Re- 
search Inc. survey of 1,000 
small and midsize businesses, 
Microsoft was the vendor 
most commonly named by re- 
spondents who said they’re 
evaluating CRM software, For- 
rester analyst Liz Herbert said. 

Customers have had a long 
wait for Microsoft’s CRM up- 
date; Version 1.2 came out in 
December 2003. 

Microsoft said it will release 
CRM 3.0 to existing users in 
the fourth quarter and sell it 
to new customers in the first 
quarter of next year. @ 55398 


Sayer and Cowley write for the 
IDG News Service. Computer- 
world’s Marc L. Songini con- 
tributed to this article. 
Financial Firms to Share Identity Theft Data With FTC 


Information sharing is expected to help 
police with cross-border investigations 





BY GRANT GROSS 

WASHINGTON 

A U.S. center that helps victims of identity theft plans to share consumer complaint information with the Federal Trade Commission and law enforcement agencies to improve investigations. 

The Identity Theft Assis- 
tance Center (ITAC) will be- 
gin sharing information such 
as the types of scams reported 
and suspected offenders iden- 
tified by victims, the center 
announced last week. The 
ITAC is supported by 48 large 
financial services companies. 

The center plans to provide 







the FTC with that information 
in about six weeks. The FTC, 
in turn, will share the data 
with law enforcement agen- 
cies across the U.S. 

ITAC officials hope such information sharing will help police investigate identity theft crimes, according to Anne Wallace, executive director of Identity Theft Assistance Corp., the Washington-based nonprofit organization that operates the center. 

The ITAC will share infor- 
mation only when victims give 
their permission, she said. 

In many cases of identity theft, local law enforcement agencies don’t have information about identity theft investigations in bordering counties or cities, Wallace said. 

With millions of identity theft cases reported in the U.S. each year, small cases that have no obvious links to other local cases can end up on an investigative back burner, she said. 


Getting the Big Picture 
Investigators “don’t have the 
big picture in many cases,” 
Wallace said. “The goal is to 
allow investigators to find 
more than one case — to 
make links between multiple 
cases.” 

In the past, financial services companies often shared identity theft data with local law enforcement agencies, but there was no national data-sharing effort, she said. 

States with the most incidents of identity theft per capita: 
1. ARIZONA 
2. NEVADA 
3. CALIFORNIA 
4. TEXAS 
5. FLORIDA 

The FTC and ITAC have 
had a working relationship 
since the center was founded 
in October 2003, Wallace said. 

The FTC also has relationships with about 1,200 law enforcement agencies across the U.S., added Lois Greisman, an associate director in charge of the identity theft program at the FTC. 

COMPUTERWORLD July 11, 2005 19 

The ITAC is supported by members of the industry group The Financial Services Roundtable and its IT sister organization, BITS. ITAC’s goal is to help victims of identity theft resolve their problems. 

Among the supporting companies are BB&T Corp., Ford Motor Credit Co., MBNA Corp., U.S. Bancorp and Wells Fargo & Co. @ 55397 


Gross writes for the IDG 
News Service. 


OPINION 


DON TENNANT 


Just Imagine 


I TEND TO HAVE a favorite quote in each week’s issue — one that conveys a fact of life in a few simple words. Last week, I found it in Gary Anthes’ story “Love that ‘Legacy’” [QuickLink 55070], where Northrop Grumman Ship Systems CIO Jan Rideout cautioned against expectations of big maintenance cost savings by moving applications off a mainframe. 


“That’s overhyped by 
the suppliers who want to 
encourage you to replace 
your mainframe systems,” 

Rideout said. 
She’s right, of course. 
So few vendors are mak- 
ing money off of main- 
frames that there’s a con- 
certed effort afoot to con- 
vince you to abandon 
them. The easiest way to 
do that is to create a buzz 
that positions mainframes 
as dinosaurs and the person who 
supports them as a troglodyte who 
would dent a blade server if he 
bumped his head on it. 

It has gotten to the point where 
some vendors who make money off 
of mainframe hardware and software 
are embarrassed to admit it. How are 
they supposed to position them- 
selves as suppliers for tomorrow’s 
technology without intentionally 
coughing over the word mainframe? 

Fortunately, that’s not IT’s problem. IT’s problem is supporting the business, and mainframes are going to play a central role in doing that indefinitely. True, there are legitimate reasons to migrate certain applications off of mainframes when business needs change. That’s what happened at Northrop Grumman. From a technical standpoint, there was no reason to replace the old code. “The mainframe environment is very secure, configuration management is excellent, and we have excellent tools,” Rideout says. Process improvements such as introducing wireless devices that needed to be integrated with back-end systems prompted Northrop Grumman’s Ship Systems unit to replace some old Cobol and Fortran code with an SAP package. 

But the vast majority of business data still resides on Cobol-based systems (70% is a widely accepted figure), and it’s silly, if not irresponsible, for anyone to marginalize that fact. As much as the vendors with a vested interest in mainframe-bashing would love to see that old code vanish, it’s just not happening. The reason is simple. The stuff works, and it works really well. 

Rideout is unwilling to let the knowledge gained through the creation and operation of those “legacy” systems go to waste. Instead, she fosters an environment in which older workers share their knowledge with their younger counterparts. 

“Once people get over the it’s-my- 
father’s-Cobol thing,” Rideout says, 
“the young kids can be a little open- 
minded and get into these older sys- 
tems and see that there are some 
interesting aspects to them.” 

A veteran systems engineer who 
wrote to us after reading Anthes’ ar- 
ticle explained the significance of 
that with the clarity that only some- 
one in the trenches really can. 

“Just imagine a hardware system 
with today’s cost-effective gigahertz 
cycle time and gigabytes of cost- 
effective memory running a system 
as bulletproof and secure as z/OS, as 
flexible as z/VM, with networking 
control like Unix, the development 
power of Java and a user interface 
like Windows!” he wrote. “That’s 
what we could have had by now if 
the young folks would have taken 
the time to learn from the past.” 

Yeah. Just imagine. @ 55414 
DAVID MOSCHELLA 


China, India: 
Here We 
Go Again 


THESE DAYS, it’s hard to attend an IT industry conference or sift through the global business news without being subjected to dire warnings about the rising power of India and China. Growing U.S. trade deficits, the appeal of offshore software development and even the rising price of oil all speak to the emergence of competitive challenges. Yet while these issues can’t be lightly dismissed, to assess their ultimate significance we should start with the question, “Haven't we heard all of this before?” 

At the United Nations in 1956, when Nikita Khrushchev banged his shoe and screamed “We will bury you!” at the U.S. representatives, lots of “experts” believed him. Many pundits thought that centrally managed economies would prove to be superior — a belief that lasted for several decades. Of course, it was the USSR that found itself buried in the dustbin of history. 

During the 1970s 
and ’80s, it was 
Japan’s turn. After 
Japan took over the 
global consumer 
electronics market 
and much of the car industry, many 
proclaimed that with its close busi- 
ness/government cooperation, its in- 
terlocking corporate ownership struc- 
tures and its long-term market views, 
Japan and the other Asian “tigers” had 
discovered a superior form of capital- 
ism. Ezra Vogel’s Japan as Number One 
and Clyde Prestowitz’s Trading Places 
were required reading. Of course, in 
1989, the Japanese economic bubble 
burst, and many of Japan’s “strengths” 
are now recognized as weaknesses. 

In the 1990s, we heard about the emerging European superstate. Europe was already the world’s largest economy, and many claimed that its strong social safety net and public sector would expose the weaknesses of the U.S.’s relatively laissez faire approach. In his influential book Head to Head, MIT economist Lester Thurow argued that Europe was best positioned to win the 21st century race for economic leadership. Today, much of “old” Europe is economically stagnant; political integration has halted, and even the future of the euro is uncertain. 

This history demonstrates the 
healthy U.S. market for excessive 
rhetoric about global competitiveness. 
While Japan and Europe have had 
many successes, so, of course, has the 
U.S. And yet most of the debate seems 
based on the view that the world’s eco- 
nomic pie is somehow fixed and that 
the growth of one country must mean 
the decline of another. 

Thus, when you see highly publi- 
cized new books such as Three Billion 
New Capitalists (also written by 
Prestowitz), you might want to keep 
these examples in mind. The U.S. re- 
mains the clear leader in semiconduc- 
tors, software, aerospace, cyberspace, 
biotechnology, nanotechnology, enter- 
tainment, agriculture, defense and 
many other sectors that will benefit 
from growing Chinese, Indian and 
other markets. 

And while future leadership is cer- 
tainly not a U.S. entitlement and will 
have to be earned every day, the reality 
is that with its focus on low-cost man- 
ufacturing, China is much more of a 
threat to Japan and Korea than it is to 
the U.S. As for India, its growing num- 
ber of skilled IT workers will prove to 
be an essential worldwide resource, 
but it will be decades before India’s do- 
mestic markets are strong enough to 
place it at the leading edge of IT value 
creation. If history is any guide, India 
and China will have plenty of their 
own problems, and their success won’t 
have to come at our expense. @ 55315 


MICHAEL GARTENBERG 


The High Cost of Not Training 


A FEW YEARS BACK, I was on a plane going to a conference where I was to speak on IT issues. One of the themes of my presentation was that nearly 90 cents of every dollar spent on software for end users was wasted because of a lack of training. 

Sitting next to me was an older gentleman using what was then a state-of-the-art ThinkPad. It clearly oozed “power user,” and the huge (for the time) 14-in. display was amazing and grabbed my attention. In the course of glancing longingly at the screen, I noticed that the application my seatmate was busily typing away in was Windows Notepad. Even more astonishing was the fact that Notepad wasn’t zoomed to fill the XGA screen, nor was word-wrap turned on, so he was forced to scroll in four directions instead of two. 

After a moment or two of 
watching this, I introduced 
myself and we chatted for a 
bit. It turned out that he was 
the CEO of his company. He ranted 
about what a waste of money his PC 
was and how unhelpful his IT folks 
were (his actual words were slightly 
more colorful). Watching him work, I 
easily understood his frustration. I 
showed him how to zoom Notepad and 
turn on word-wrap. From his reaction, 
you'd think I was Prometheus showing 
him fire. In exchange for promising 
never to divulge either his 
or his firm’s identity (al- 
though every time I tell 
this tale, at least three peo- 
ple say, “Oh, I see you met 
my boss”), he let me poke 
around his laptop a bit. I 
found hundreds of text 
files saved in his root direc- 
tory. But though he had 
every possible PC produc- 
tivity application installed 
— office suites, graphics 
applications, Web tools — 
no one had ever bothered 
to show him how to use 
any of it. He just tripped 
over Notepad and started 
using it to get some work 
done. I thought at the time, 
“Ninety cents? More like 99 
cents in this case.” 

I share this tale because 
things aren’t getting simpler on PCs. 
Despite software that claims to be “in- 
tuitive” (although I’ve yet to see a PC 
intuit anything; I suspect they mean 
the software is intuitable, although it 
isn’t that either), most folks won't be- 
come productive without training. 

I suspect this situation will become even worse over the next year, since vendors are increasingly targeting end users with marketing pitches designed to gain mind share for their products. IT departments must counter this by keeping users informed of their planning process, but they also must be prepared for an onslaught of support and training challenges as users clamor for the new stuff. 

The problem is that when budgets 
are slashed, training is often the first 
thing to go. Remember, there’s no tech- 
nology investment that will yield pro- 
ductivity without some learning. Ig- 
nore that part of the equation, and it 
doesn’t matter how good the core tech- 
nology is or whether the technology 
deployment is being driven by IT or by 
end users themselves. Instead of pro- 
ductivity, you will get frustrated and 
angry users who will be loath to ap- 
prove the next big thing. 

Make sure you spend the time getting your executives up to speed on their corporate gear and the stuff they buy themselves, even if it’s not IT-approved. Who knows? One of them might be sitting next to me on my next trip. @ 55371 
Certifications Are Limited in Accuracy 


I READ BOTH OF Don Tennant's recent columns about certifications [“Certifiably Concerned,” QuickLink 54921; “Certifiably Mad?” QuickLink 55056] but didn’t see any mention of independent vs. vendor certifications. I agree that vendor certifications are a coin’s depth away from useless. They expire at the whim of the vendor (.Net, anyone?) and only show that the person has knowledge of a specific product. 

Certification should require pass- 
ing an exam and possibly some ex- 
perience, and ongoing education 
requirements should have to be met 
to maintain the certification. How 
much respect would you give a doc- 
tor who was board-certified by Pfiz- 
er? Why would a Cisco certification 
demand any more credibility? 
Dewey J. Cori 
Rochester, N.H. 


I WOULD AGREE with Tennant except for one disturbing thought: He assumes that certification really does identify superior technical skills. Meaningful professional licensing involves far more than one-time certification; continuing quality review is essential. IT doesn’t have that, partly because it would be difficult to obtain consensus on how to do it. 

Possibly the compensation for noncertified people is rising faster than for certified people because many managers think they have found that certification is an unreliable indicator of quality. The more important IT becomes, the more nontechnical managers will want authority over it, so the problem of determining who is really good at IT will only get worse. Rather than insisting on certification, we IT professionals might do better to insist on helping top management evaluate how well middle managers understand and manage IT. 

Douglas A. Samuelson 
President, InfoLogix Inc., 
Annandale, Va., 
samuelsondoug@yahoo.com 


I'VE WORKED WITH several people who had professional certifications (I have none). You would think that I would have been going to them for help, but it was the other way around. They were constantly coming to me with questions, or couldn't finish projects because they were too hard, or needed hand-holding to get things done. 
Craig Temby 
Senior systems administrator, 
Allmerica Financial Corp., 
stemby@allmerica.com 


THE EDITORIAL ABOUT my firm's recent findings revealing greater gains for noncertified skills pay vs. certifications made some interesting points. But I wonder if a just-completed Foote Partners study of talent management at technology vendors and Tier 1 IT professional services firms might make Tennant think twice. On average, vendors don’t use their own certifications to qualify their workers’ skill sets, preferring more rigorous proprietary measures. Moreover, neither IT services firms nor vendors’ consulting divisions find that broadcasting publicly available certifications held by their consultants offers much of a marketing advantage. This might come as a surprise if it were not for the reality that certification programs are typically managed by the sales and marketing divisions at tech vendors. Bottom line: Caveat emptor. 
David Foote 
President and chief research officer, Foote Partners LLC, 
New Canaan, Conn., 
dfoote@footepartners.com 


COMPUTERWORLD welcomes 
comments from its readers. Letters 
will be edited for brevity and clarity. 
They should be addressed to 
Jamie Eckle, letters editor, Com- 
puterworld, PO Box 9171, 1 Speen 
Street, Framingham, Mass. 01701. 
Fax: (508) 879-4843. E-mail: 
letters@computerworld.com. 
Include an address and phone 
number for immediate verification. 
For more letters on these and 


other topics, go to 
www.computerworld.com/letters 







TECHNOLOGY 


Big-Time Storage 

On the Cheap 

An increase in functionality and 

a drop in component prices is 
making midrange storage the most 
attractive option for users like 
Ameritrade’s Asiff Hirji. Page 28 





With so many types of malware stalking the Internet, companies pile on their e-mail defenses. 

By Sue Hildreth 


JOYCE HESSELBERTH 


QUICKSTUDY 

AJAX 

Asynchronous JavaScript and XML is an approach to developing Web applications in which client Web pages are modified incrementally rather than being replaced entirely every time an update is needed. Page 34 

SECURITY MANAGER'S JOURNAL 

IDS Pays Off, Even if There’s No Hacking 

The intrusion-detection system at Mathias Thurman’s firm shows its value once more as his security team sets out to mitigate the effects of a nasty worm. Page 32 


WHEN THE NIMDA WORM struck in 2001, one of its many victims was the Virginia Hospital Center in Arlington. The worm crashed servers, erased data and forced VHC to hire a consultant. 

“It deleted files and brought a cou- 
ple of servers to their knees,” says IT 
director Mark Rein, who joined VHC 
a year after Nimda struck. “We had to 
have a company come in and eradicate 
the virus.” 

Fortunately, the virus didn’t attack 
patient data. But it did provide a wake- 
up call, making VHC aware that it 
needed better e-mail security. There 
wasn’t a silver bullet that could stop all 
viruses and — nearly as bad — spam, 
so VHC opted for multiple overlapping 
defenses. 

Today, the hospital is protected by five layers of antivirus and antispam defenses: an e-mail relay and antivirus product called eSafe from Aladdin Knowledge Systems Ltd.; an antispam and antivirus device from MailFrontier Inc.; antivirus software from Symantec Corp. on the e-mail servers and desktops; and a Web filter from Websense Inc. to monitor HTTP traffic and prevent employees from accidentally downloading viruses from the Web. Finally, the hospital uses a Juniper Networks Inc. intrusion-detection and -prevention product to alert IT staff to anomalies in network traffic or unauthorized software on the system. 

Sound excessive? In this era of mas- 
sive malware attacks, such multiple 
layers of defense are, in fact, not para- 
noid but prudent. 
In a March report from Ferris Research in San Francisco, antivirus software vendors said that there were nearly 100,000 viruses in existence then and that the number is increasing each month. F-Secure Corp., a vendor of antivirus products in Helsinki, Finland, notes that the largest virus outbreak in 2004, MyDoom.A, churned out nearly 10% of global e-mail at its peak. 

Another problem is spyware and ad- 
ware, small programs that install them- 
selves on a PC and either push out ad- 
vertising or, in the case of spyware, track 
user activities. Such programs can come 
from the most innocent of sources. 

Last fall, for example, the U.S. De- 
partment of Energy’s Carlsbad, N.M., 
office was perplexed by a sudden flood 
of pop-up pornographic ads on employ- 
ee PCs. “We couldn’t understand how 
we were getting all this traffic from 
adult sites,” says Paul DeVito, informa- 
tion systems site security manager. 

His staff traced it to a weather site used by the DOE that had been hacked and was downloading X-rated adware to visitors’ PCs. 

Besides cutting productivity, adware and spyware can also cause computer problems and worse. “It can cause instability in PCs, operations to crash, slow performance,” notes Chris Williams, a senior analyst at Ferris Research. “And it can log your keystrokes and report those back to a Web site, so your network log-in is being compromised.” 


Security Strategies 
How can a company shore up its servers and desktops against this rising tide of malware? First, say experts, educate employees on spam and viruses. But education can go only so far; technology is also needed. Here are five steps for defending against malware. 


RESTRICT USER PRIVILEGES. The fewer the system privileges on a user’s desktop, the fewer opportunities there are for viruses and spyware to take over, says Andrew Jaquith, an analyst at The Yankee Group in Boston. “The biggest reason companies have spyware problems is the user privileges are set too high,” he says. 

IT may also opt to block certain types of attachments, such as executable or Zip files, and prevent access to certain Web sites. The DOE’s Carlsbad office now uses Websense software to block access to adware- and spyware-heavy sites, such as gambling sites. It also relies on an e-mail firewall from Tumbleweed Communications Corp. with built-in McAfee Inc. antivirus and spyware filtering tools. 


APPLY PATCHES IMMEDIATELY. Installing security patches and updates is critical, regardless of how much antivirus protection you may have. JetBlue Airways Corp. in Forest Hills, N.Y., for example, has layers of antivirus and antispam defenses, but its IT staffers also apply new security patches promptly, says Lesen Wang, IT e-mail systems administrator at JetBlue. 

“Even with an antivirus program, a 
virus can get through,” he says. Two 
years ago, for example, JetBlue’s desk- 
tops were infected by the Blaster virus 
because they hadn’t been patched, but 
the airline’s servers, which had received 
regular updates, remained unaffected. 


SWITCH TO ALTERNATIVE E-MAIL PACKAGES.
While not guaranteed to be shielded against viruses, nonstandard (that
is, not Microsoft) software is less likely to be targeted by virus
writers.

For example, Brett McKeachnie, net- 
work systems administrator at Utah 
Valley State College, reports that the 
school, which uses Novell Inc.’s 
GroupWise, never had a virus problem
and didn’t realize it was receiving 
viruses until it installed iSolation 
Server, an e-mail security product 
from Avinti Inc. in Lindon, Utah. 

“Avinti put [iSolation Server] into 
the mail stream, and the next thing you 
know, we’ve got 40 to 50 viruses hitting 
the filter,” says McKeachnie. However, 
not everyone at Utah Valley State uses 
GroupWise — some are on Outlook — 
so the college remains vulnerable to 
virus attacks and, of course, spam. 


BUILD A MULTILAYERED DEFENSE.
There are several approaches to antivirus and antispam protection, none
of which is 100% effective. So using two or more is a useful strategy,
say experts.
Techniques for blocking spam in- 
clude maintaining blacklists of spam- 
mers’ Internet addresses and employ- 
ing the challenge/response strategy, 
which attempts to catch spammers by 
asking a suspicious sender to resend the 
message, the assumption being that an 
automated spam program won't reply. 
Another option is Bayesian filters, which “learn” to recognize spam
from samples that an IT administrator or an end user feeds them. The
filter then uses probability scores to decide whether an e-mail is
likely to be spam.
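
How a Bayesian filter turns fed samples into a probability score, as an added example that is not from the article or from any product it names. The training messages, the token rule and the 0.9 threshold are constructed assumptions.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$'-]+")


def tokenize(text):
    """Lower-case the message and return its distinct tokens."""
    return set(TOKEN.findall(text.lower()))


class BayesianFilter:
    """Naive Bayes over the tokens present in a message."""

    def __init__(self):
        self.docs = {"spam": 0, "ham": 0}
        self.counts = {"spam": Counter(), "ham": Counter()}

    def train(self, text, label):
        """Feed one sample that an administrator or user has labelled."""
        self.docs[label] += 1
        self.counts[label].update(tokenize(text))

    def _p_token(self, token, label):
        # Share of this class's messages containing the token, with
        # add-one smoothing so an unseen token never yields zero.
        return (self.counts[label][token] + 1) / (self.docs[label] + 2)

    def spam_probability(self, text):
        total = self.docs["spam"] + self.docs["ham"]
        p_spam = (self.docs["spam"] + 1) / (total + 2)
        log_odds = math.log(p_spam) - math.log(1 - p_spam)
        for tok in tokenize(text):
            known = tok in self.counts["spam"] or tok in self.counts["ham"]
            if known:  # tokens never seen in training carry no evidence
                log_odds += math.log(self._p_token(tok, "spam"))
                log_odds -= math.log(self._p_token(tok, "ham"))
        return 1 / (1 + math.exp(-log_odds))

    def is_spam(self, text, threshold=0.9):
        return self.spam_probability(text) >= threshold


# Constructed training samples (not real mail).
SPAM_SAMPLES = [
    "Cheap meds online, no prescription needed, order now",
    "You have won a free prize, click here to claim now",
    "Lowest mortgage rates, apply online now, free quote",
    "Free casino bonus, click here and win cash",
]
HAM_SAMPLES = [
    "Meeting moved to 3pm, agenda attached for the budget review",
    "Please review the attached patch schedule for the mail servers",
    "Lunch on Thursday? The project team is meeting at noon",
    "Quarterly budget report attached, comments due Friday",
]


def build_demo_filter():
    f = BayesianFilter()
    for msg in SPAM_SAMPLES:
        f.train(msg, "spam")
    for msg in HAM_SAMPLES:
        f.train(msg, "ham")
    return f


if __name__ == "__main__":
    f = build_demo_filter()
    missed = "Refinance today with our special offer"
    for msg in ("Click here now to claim your free cash prize",
                "Budget review meeting Friday, agenda attached",
                missed):
        print(f"{f.spam_probability(msg):.4f}  {msg}")
    # A user files the missed message as spam; the filter learns from it.
    f.train(missed, "spam")
    print(f"{f.spam_probability(missed):.4f}  {missed} (after feedback)")
```

The last message scores 0.5 at first because none of its words appeared in training, which is the gap that user-fed samples close.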
Signature-based scanning is the most 
common approach for identifying 
viruses, but it doesn’t help when there’s 
a brand-new virus on the loose. The 
“zero hour” problem — the time lag 
between the initial release of a new 
virus and the point when an antivirus 
software vendor can issue a patch up- 
date — is the biggest problem with sig- 
nature-based products, especially since 
the gap can be as long as eight hours. 
Companies relying solely on pattern-based antivirus protection are
vulnerable to new viruses during that time.

[Sidebar: The Enemies. Here are a few images of viruses that have
infected Internet mail.]

One technique that attempts to close 
this gap is blocking technology that 
shuts down access to certain systems if 
it detects any initial virus activity. For 
example, JetBlue used Trend Micro 
Inc.’s signature-based ServerProtect, 
but it opted to add IronPort Systems 
Inc.’s C-Series antivirus and antispam 
device, which includes a blocking tech- 
nology called Virus Outbreak Filter. 
The filter quarantines suspect e-mail if 
it detects a new virus outbreak based 
on data from IronPort’s SenderBase 
e-mail monitoring network. 

Yet another approach to blocking 
viruses is heuristics scanning, which 
detects viruses by analyzing a file’s 
structure, behavior and other attribut- 
es instead of looking for a pattern 
match in the code. 

The bottom line, say experts, is that 
two or more defensive technologies — 
whether in different products or com- 
bined in one — are better than one. 

Just as using two types of antivirus 
or antispam software can increase 
your odds of catching malware, so, too, 
can locating defensive products at dif- 
ferent points on your network. Fire- 
walls, SMTP gateways, HTTP gate- 
ways, e-mail and file servers, and desk- 
tops are all good places to defend. 

Monrovia Nursery Co., a national 
plant and flower wholesaler in Azusa, 
Calif., recently added its fourth layer of 
security: an antispam and antivirus 
gateway from MailFrontier in Palo 
Alto, Calif. The new gateway comple- 
ments an existing firewall — which 
blocks attachments such as Visual 
Basic scripts — and antivirus software 
from Symantec on its e-mail servers 
and desktops. “It’s another layer of protection,” says Ray Martin,
Monrovia’s IS technical manager. “Redundancy and variety are good when
it comes to e-mail security.”

The main point of a multilayered de- 
fense, says Richi Jennings, a Ferris Re- 
search analyst, is to cover all of the po- 
tential points where a virus could en- 
ter. Too often, he says, companies think 
they’re immune to viruses, when in 
fact they’ve failed to cover a key point 
of entry. 

“You may feel you have a clean ar- 
chitecture, with virus scanning on the 
perimeter of the network,” Jennings 
says. “But if you’ve forgotten a vector 
— such as a laptop that has a virus and 
gets plugged into the company network 
— then suddenly you’ve got a bunch of 
infected machines because you didn’t 
put antivirus on the desktops.” 


USE AN OUTSIDE SERVICE.
If you want a multitiered defense without having to purchase individual
products and implement them, an outside antivirus and antispam service
may be the answer. Companies such as MessageLabs Ltd. and Postini Inc.
will intercept and clean your e-mail of viruses and spam before sending
it to your e-mail server, thus sparing you the software and hardware
expense of scanning and processing your own e-mail.


Internet service providers 
may offer antivirus and anti- 
spam filtering services to 
corporate clients. For exam- 
ple, virus and spam filtering 
at Bata Canada, a unit of 
shoe manufacturer and re- 
tailer Bata International, 
is handled by Bata’s service 
provider, Pathway Commu- 
nications in Markham, 
Ontario. 

One major advantage, according to Eli Gabbay, manager of IT technical
support at Bata, is the ability to offload some of the administrative
chores to Pathway. “I found [antispam and antivirus software] to be
very complicated. [...] maintain it,” he explains. “Now the only thing
I need to do is put any spam that gets through into a folder, and
Pathway adds it to its database.”

Typically, antivirus services use signature-based scanning in
combination with other approaches to optimize their success rates. And
they clean up the e-mail before it ever reaches their customers’
servers. Some users are also turning to antivirus and antispam service
providers to clean up their e-mail before it even hits their firewalls.

Euro RSCG Worldwide, a New York-based international advertising and
marketing firm with 233 agencies, turned to New York-based MessageLabs
for help in dealing with a rising flood of spam that threatened to
overload its e-mail servers.

“We had more spam coming in than legitimate e-mail,” says CIO John
Tanner. “It got to the point, last August, where we were going to have
to increase our hardware by 33%.”


Euro RSCG tried blocking spam at the firewall with blacklists, but that
approach resulted sometimes in blocked mail from prospective clients
whose addresses or e-mail servers had been hijacked by spammers. So the
ad agency tried the MessageLabs service, which culls spam and viruses
before sending the clean mail on.

Of course, the company still uses antivirus software on its servers and
desktops to be safe. But so far, spam has ceased to be a problem. “I
don’t have to manage any hardware or software. I don’t have to worry
about upgrading hardware because spam has increased,” says Tanner.
“Spam has disappeared from the planet for us.” @ 55264

Hildreth is a freelance writer in Waltham, Mass. She can be reached
at Sue.Hildreth@comcast.net.
INCREASED FUNCTIONALITY AND LOWER COMPONENT PRICES ARE MAKING MIDRANGE
STORAGE AN ATTRACTIVE OPTION FOR MANY COMPANIES.
BY LUCAS MEARIAN

LATE LAST YEAR, Ameritrade Holding Corp.’s IT department began ripping
out its high-end monolithic storage systems and replacing them with
less-expensive and more-modular midrange storage arrays.

Asiff Hirji, CIO at the Omaha-based 
online brokerage, prides himself on 
having the most cost-efficient platform 
possible and says, “The performance in 
the midtier storage systems has come 
to the point where, for our 
needs, they do what we 
need them to do. We don’t 
need to spend the addi- 
tional money on the high- 
end systems. That’s made a 
big difference on our cost 
per gigabyte.” 

The saturation of the enterprise marketplace with Fibre Channel
storage-area network technology has forced vendors to look to midsize
companies to fill their SAN orders. But in order to sell to that
market, vendors have been forced to offer the same functionality that
had been exclusive to high-end systems, industry experts say.

High-end or monolithic arrays are 
housed in refrigerator-size cabinets and 
come with all the processing capacity 
they’ll ever have as well as a full set of 
feature functionality. High-end boxes
can cost more than $1 million. In com- 
parison, midrange or modular storage 
arrays range from $50,000 to about 
$300,000. Midrange arrays are housed 
in a rack and can start out as a low-end 
product and grow through the addition 
of controllers (processors) and func- 
tionality as business needs grow. 

For example, Hewlett-Packard Co. 
announced in March that for the first 
time its SAN-to-SAN fail-over capabili- 
ty can be added to its midrange Enter- 
prise Virtual Array (EVA) products. 
Other high-end functionality, such as 
data snapshots, data mirroring and 
data migration, is now commonly 
found in midrange arrays from most 
major vendors. 

“The pressure is on the high-end [systems vendors]. Users know the
level of sophistication has moved downstream, and it gives them another
option for storage,” says Tony Prigmore, an analyst at Enterprise
Strategy Group Inc. in Milford, Mass.

The trend downward is also revealed 
in vendor sales. EMC Corp. reported in 
its first-quarter earnings this year that 
its midrange Clariion line of storage 
arrays and related software saw more 
than a 40% revenue growth for the 
fourth quarter in a row. Meanwhile, its 
high-end Symmetrix array line went from 5% revenue growth four quarters
ago to a 3% drop in revenue in the first quarter of this year.

Mike Sink, director of network and operational infrastructure at the
Kichler Lighting Group in Cleveland, a wholesale lighting and fixture
company that has customers in 140 countries, replaced a high-end EMC
Symmetrix array a year ago with a midrange EMC Clariion CX600 array
with 12TB capacity in order to back up 30 Unix and 30 Windows servers.


“The Clariion line has a lot of the same functionality that the
Symmetrix has. The core functionality like replication, cloning of
disk, snap copies, SAN mirroring. ... Those tools have been offered at
the midrange level, which is an advantage to us,” Sink says.

Adding to the appeal of midrange 
systems is the plummeting price of Fi- 
bre Channel components, such as Ad- 
vanced Technology Attachment (ATA) 
disks, host bus adapters (HBA) and 
network switches, as well as vendor 
package deals that have placed high- 
functionality SANs well within the 
reach of midsize businesses. 

Josh Howard, an enterprise storage 
specialist at CDW Corp., a $5.7 billion 
technology reseller in Vernon Hills, 
Ill., says HBAs are less than half the 
price that they were two years ago and 
storage switches have also dropped to 
about half their former price. Those 
prices are wooing companies into buy- 
ing midrange SANs, which tend to be 
designed for companies with about 
1,000 employees or more. 

Howard says much of the pressure to 
reduce prices is coming from competi- 
tion from IP-based storage, such as In- 
ternet SCSI. 

“A lot of iSCSI vendors are bundling 
in host-based replication, and it’s at a 
much lower cost when you use iSCSI 
versus Fibre Channel,” Howard says. 

But performance continues to be an 
issue with iSCSI adoption. IP-based 
storage currently poses no real chal- 
lenge to Fibre Channel because Fibre 
Channel is still four times as fast as 
iSCSI, says Bob Passmore, an analyst at 
Gartner Inc. Fibre Channel is also far 
more reliable because it was built for 
storage subnetworks and not LANs 
like SCSI, he adds. 

But as iSCSI continues to creep up 
the data center food chain and the 
price of 10Gbit/sec. Ethernet drops, 
there will be increased pressure on 
Fibre Channel storage vendors to cut 
costs. And eventually, iSCSI could re- 
place Fibre Channel as the most popu- 
lar storage subsystem interconnect. 

Dan Harrison, a Unix systems administrator at the New York State
Unified Court System in Troy, N.Y., last year replaced a high-end EMC
Symmetrix array with several midrange boxes from Network Appliance Inc.
because doing so gave him the choice of using network-attached storage,
a Fibre Channel SAN or iSCSI.

Harrison purchased a cluster of NetApp FAS960 arrays, a FAS250 and
FAS270 and a R200 NearStore array. He says he was won over to the
midrange boxes in part because they came with software for taking
snapshots of data for backups and can mirror data changes between
arrays — features that had formerly been available only on high-end
systems like Symmetrix.

“Our current storage environment is 
easier to administer. With respect to 
hardware, I can say our administration 
is simplified and our productivity is up 
as a function of that,” Harrison says. 
He also uses the iSCSI connectivity on 
the FAS960 to consolidate backup of 
the court system’s Linux, Unix and 
Wintel servers. 

One advantage of midrange arrays is that they allow companies to use
relatively low-cost ATA disks to build a tiered infrastructure internal
to the box by using a combination of ATA memory and Fibre Channel or
SCSI disks. Higher-end boxes have yet to offer that feature.

Hitachi Data Systems Corp.’s Thun- 
der line of arrays, HP’s EVAs, NetApp’s 
FAS arrays and IBM’s DS4000 and 
DS8000 series arrays all have the 
option to use ATA disk technology. 


LEARNING CURVE 


One of the arguments against rolling 
out Fibre Channel is the complexity of 
the network. Most companies must hire 
Fibre Channel network administrators 
to configure and maintain the systems. 
Nowadays, however, many vendors 
are offering preconfigured SANs that 
are fairly easy to deploy. But preconfig- 
ured doesn’t mean cheap, analysts say. 
Joel Reich, senior director of prod- 
uct marketing at NetApp, said bundled 
SANs are being sold more for ease of 
configuration than for cost-cutting. 
“We’re not in the camp of trying to find out ways to knock pennies out
of the cost of Fibre Channel. Fibre Channel will never get to the cost
of Ethernet,” he says.

Sink says Kichler Lighting’s Clariion 
came preconfigured with 16-port 
switches from Brocade Communica- 
tions Systems Inc. in San Jose and HBAs 
from Emulex Corp. in Costa Mesa, 
Calif. While there was a learning curve 
for his systems administrators, it was 
relatively small because the software 
tools are “very intuitive,” says Sink. 

“We didn’t have to hire a Fibre Chan- 
nel expert. It didn’t even require a net- 
work administrator. The Unix admin 
was able to connect everything and 
provision the storage,” says Sink, who 
has a staff of 25 IT personnel to manage 
storage for Kichler’s 600 employees. 

The Clariion CX600 was under 
$100,000, and with network hardware 
and management and replication soft- 
ware, the SAN cost about $300,000 for 
the original 4.5TB capacity. 

“You can buy a $50,000 SAN with 4.5TB of ATA disk or a million-dollar
system with 4.5TB of Fibre Channel disk. It just depends on the
components you put in there,” Sink says. He adds that it’s also
important to project your data volume growth for about 36 months and
make sure your equipment will meet your needs.

Bundled SANs available from vendors for under $100,000:

- EMC Clariion CX300 with Navisphere Manager, 4TB storage, an
  eight-port Fibre Channel switch and eight HBAs: $87,000
- EMC Clariion CX500 with Navisphere Manager, 2TB storage, eight-port
  switch and four HBAs: $82,000
- HP EVA 3000 array with 1.2TB capacity, multipathing and management
  software: about $32,000
- NetApp FAS2700 with iSCSI, FCP and CIFS protocols, 6.3TB Fibre
  Chan- [...]
- [...] $700 to $1,200
- Fibre Channel switches: $3,500 to $9,000 for entry-level models with
  eight to 16 ports. Models with 32 ports run from $16,000 to $22,000

SOURCE: CDW CORP.


WAIT A MINUTE 


Passmore acknowledges that midrange 
storage systems are a great buy. “They 
are cheaper on a dollar-per-gigabyte 
basis,” he says. But, he warns, there are 
a lot of misconceptions about the true 
affordability of midrange storage sys- 
tems, particularly when it comes to 
their ability to fulfill large enterprise 
needs. 

“Midrange arrays are smaller and 
have less inherent horsepower than 
high-end arrays,” Passmore says. “If 
you're building a large, complex envi- 
ronment, you’d need more of those 
smaller arrays, which means you'll 
have more to manage. You don’t build 
volumes across arrays, you build them 
across a single array.” 

And unlike midrange arrays, high- 
end arrays such as EMC’s Symmetrix, 
Hitachi’s Lightning and IBM’s Shark 
come with multiprotocol connectivity 
for Ficon and Escon mainframe con- 
nectivity as well as iSCSI. Midrange 
arrays are usually dedicated to one 
protocol only. The only exception to 
that rule in the midrange market is Ne- 
tApp, which offers high-end Ficon, Es- 
con and iSCSI connectivity on its FAS 
line of arrays, Passmore says. 

Another area in which high-end arrays beat out midrange arrays is in
asynchronous or synchronous long-distance replication of data, which
requires consistency checks, or the ability to ensure that data sent
across long distances is consistent with the original data.

In the past 18 to 24 months, vendors 
have pioneered significant advance- 
ments in long-distance replication in 
their high-end arrays. It’s now possible 
for high-end arrays to maintain consis- 
tency across large applications running 
SAP or Oracle on 20 or more servers, 
says Passmore. 

To maintain an application’s perfor- 
mance over long distances, the appli- 
cation must go ahead of the remote 
copy of data, and that requires a sub- 
stantial buffer or cache. “Midrange ar- 
rays can’t do this,” he says. 

The bottom line, Passmore says, is 
that for many users that need shared 
storage, either midrange or high-end 
arrays fit the bill. But for very high 
scalability and performance, midrange 
systems continue to lag behind their 
bigger brothers. @ 55256 
IDS Pays Off, Even if There’s No Hacking

System shows its value again as the security team sets out to mitigate
the effects of a nasty worm. By Mathias Thurman


WHEN I CAME INTO work after the weekend, a very interesting e-mail
message was waiting for me. The message, with the subject line “Account
Alert,” appeared to be from our help desk. It requested that I read an
attached document pertaining to my user account.

The attachment was named 
“account-info.exe.” 
This was very alarm- 
ing. We have invested 
heavily in various 
technologies to pre- 
vent e-mail with exe- 
cutable file attach- 
ments from making it 
through our external mail 
gateways, but it looked like 
one had gotten through. My 
fears were validated when oth- 
ers in the IT department said 
that they had received the 
same e-mail. Of course, a good 
percentage of the folks in the 
IT department know that 
executable file attachments 
should never be opened, since 
they are often used as vehicles 
for distributing malicious 
code. Unfortunately, there is 
apparently a substantial num- 
ber of employees in our com- 
pany who either didn’t know 
this or were fooled into believ- 
ing that the e-mail originated 
from a trusted source. 

The timing of this message couldn’t have been worse. As part of the
process of synchronizing our user accounts, we have been sending out
official communications to our users regarding the upcoming resetting
of passwords. So users have grown accustomed lately to seeing important
e-mail from the IT department. This e-mail didn’t follow the official
company communications format, but a lot of users didn’t pay much
attention to that. The result: Lots of users opened the attachment, and
their machines got infected.

After we analyzed the attachment, we realized that our network was
infected with the W32.Mytob.DP@mm worm. This worm is nasty. It does a
lot of the usual stuff, such as adding entries to the host file,
registry keys, services and so on. But it also includes its own mail
relay, which allows it to find e-mail addresses, distribution lists and
address books located in popular e-mail programs and send e-mail,
including that executable attachment, to everyone it can find. In this
way, it replicates itself. But W32.Mytob.DP@mm also attempts to open an
Internet Relay Chat session within a certain chat room. If the worm is
successful in connecting to the chat room, it sits idle, waiting for a
command from the IRC server. This command can cause the infected system
to download files or conduct other malicious activity. I’ve seen such
worms install keystroke-capturing programs and periodically send the
keystroke information to the IRC server. That sort of activity wasn’t
observed in this case, but its potential to damage the company was
still high.

The problem with worms 
like this is that traditional 
virus-protection software 
rarely detects them. We usual- 
ly don’t find out about worms 
or Trojan horses until we get a 
call from our network engi- 
neers complaining about ex- 
cessive bandwidth or latency 
problems, or when the help 
desk informs us that it’s get- 
ting bombarded by calls from 
employees whose desktops 
aren’t working properly. 

To deal with this latest 
worm, our intrusion-detection 
system guru simply looked for 
outbound, external connec- 
tions to Port 4512, which is the 
rogue IRC port that we deter- 
mined was waiting for infect- 
ed machines to “call home.” 
When we identified traffic 
connecting to that port, we 
could then trace the IP ad- 
dress back to a switch port. If 
the IP address was that of a 
desktop, all we had to do was 
disable the switch port until a 
help desk technician could be 
dispatched to remove the 
worm. The help desk put to- 
gether a script that goes 
through an infected desktop 
and removes all the actions 
that the worm has initiated. 
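
The hunt described above, sketched as an added example; it is not the author's IDS rule or the help desk's script. The flow-record format, the inventory table, the host and switch names, and the choice of RFC 1918 ranges as "internal" are all constructed assumptions; only Port 4512 comes from the article.

```python
import ipaddress
from collections import defaultdict

IRC_CALLHOME_PORT = 4512  # rogue IRC port named in the article

# Assumption: the company's internal address space is RFC 1918.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: time src_ip src_port dst_ip dst_port proto
SAMPLE_FLOWS = """\
2005-07-11T08:02:11 10.20.4.17 1044 203.0.113.50 4512 tcp
2005-07-11T08:02:15 10.20.4.17 1045 198.51.100.7 80 tcp
2005-07-11T08:03:40 10.20.7.88 3321 203.0.113.50 4512 tcp
2005-07-11T08:04:02 10.20.4.17 1050 203.0.113.50 4512 tcp
2005-07-11T08:05:19 10.20.9.5 2200 10.20.1.10 4512 tcp
2005-07-11T08:06:30 10.30.1.25 4001 203.0.113.50 4512 tcp
2005-07-11T08:07:00 198.51.100.99 5555 10.20.1.10 4512 tcp
malformed line
2005-07-11T08:08:12 10.20.6.3 1999 203.0.113.50 4512 udp
""".splitlines()

# Constructed inventory: IP -> (switch, switch port, role)
INVENTORY = {
    "10.20.4.17": ("sw-floor2", "Gi0/14", "desktop"),
    "10.20.7.88": ("sw-floor3", "Gi0/03", "desktop"),
    "10.30.1.25": ("sw-dc1", "Gi1/22", "server"),
}


def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on bad input
    return any(ip in net for net in INTERNAL_NETS)


def find_callhome(flows, port=IRC_CALLHOME_PORT):
    """Count outbound TCP connections per internal host to the given port."""
    hits = defaultdict(int)
    for line in flows:
        fields = line.split()
        if len(fields) != 6:
            continue  # skip records that do not parse
        _, src, _, dst, dport, proto = fields
        try:
            outbound = is_internal(src) and not is_internal(dst)
            dport = int(dport)
        except ValueError:
            continue
        if outbound and proto == "tcp" and dport == port:
            hits[src] += 1
    return dict(hits)


def containment_plan(hits, inventory):
    """Split infected hosts into switch ports to disable and hosts to review.

    Desktops are isolated at the switch port, as in the article; servers
    and hosts missing from the inventory go to a person instead.
    """
    disable, review = [], []
    for ip in sorted(hits, key=ipaddress.ip_address):
        switch, swport, role = inventory.get(ip, (None, None, "unknown"))
        if role == "desktop":
            disable.append((ip, switch, swport))
        else:
            review.append((ip, role))
    return disable, review


if __name__ == "__main__":
    hits = find_callhome(SAMPLE_FLOWS)
    disable, review = containment_plan(hits, INVENTORY)
    for ip, switch, swport in disable:
        print(f"disable {switch} {swport} ({ip}, {hits[ip]} connections)")
    for ip, role in review:
        print(f"manual review: {ip} ({role})")
```

Internal-to-internal traffic on the same port and inbound probes are deliberately ignored, since only hosts calling out to the external IRC server indicate infection.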

After this incident was 
somewhat resolved, I had an 
interesting conversation with 
a couple of my security engi- 
neers. We talked about the 
current use of the IDS. Several 
years ago, we deployed the 
IDS to watch for signs that a 
hacker was attempting to 
compromise our network. 
Among other things, we looked for various types of buffer overflow
exploits, port scans, denial-of-service attacks and other attempts to
take advantage of a publicly advertised weakness in some application.

But I noted that in the past 
several years, our IDS has 
been used more for detecting 
policy violations (such as 
the use of peer-to-peer file 
downloading and chat rooms) 
and tracing malicious code 
(worms, Trojan horses and 
viruses). I couldn’t remember 
the last time our IDS was used 
to catch a hacker targeting our 
company via a buffer overflow 
or other sophisticated attack. 
We still configure our IDS 
rule base to look for those 
types of signatures, but we 
really haven’t seen anything 
substantial. 

Most of the time, the worst 
thing that happens is that our 
external network is constantly 
being probed by hundreds of 
suspect IP addresses every 
hour. We used to try to con- 
tact service providers to let 
them know that someone 
within their network was 
probing us, but we never got 
any type of disposition, so we 
limit the complaints to only 
the top offenders. 

Our IDS infrastructure cur- 
rently monitors about 98% of 
our network. We are constant- 
ly getting calls from the net- 
work team, help desk staffers 
and desktop support people to 
assist them with monitoring 
and analyzing network traffic 
and to help them discover 
malicious activity on the net- 
work. The IDS might be our 
most valuable and prized 
piece of infrastructure, and it’s 
probably saved the company 
hundreds of thousands of dol- 
lars in support calls and un- 
needed resources. 

The next step is to get a ro- 
bust event management infra- 
structure and automate much 
of what we do, so that we can 
offload a lot of this activity 
to the newly created security 
operations team.


WHAT DO YOU THINK? 


This week's journal is written by a real security manager, “Mathias
Thurman,” whose name and employer have been disguised for obvious
reasons. Contact him at mathias_thurman@yahoo.com, or join the
discussion in our forum: QuickLink a1590
Security Bookshelf
Layer 2 VPN Architectures, by Wei Luo, Carlos Pignataro, Anthony YH
Chan and Dmitry Bokotey (Cisco Press, 2005). This is a timely release
for us, since we're converting our net- [...] improve network security
and performance.
DEFINITION
Asynchronous JavaScript and XML (AJAX) is 
an approach to developing Web applica- 
tions in which client Web pages are modi- 
fied asynchronously and incrementally 
rather than being replaced entirely every 
time an update is needed. 


BY JAN MATLIS
ALTHOUGH THE ACRONYM AJAX is fairly straightforward, derived from
Asynchronous JavaScript and XML, it’s significant because it captures a
paradigm shift in the delivery of Web page content.

The AJAX approach to Web content delivery speeds up the user interface.
The long wait for an entire page to refresh from a Web server isn’t
necessary in an AJAX-based application. Only that part of a Web page
that needs to be updated is altered, and the update is done locally, if
possible, and asynchronously.

The user can continue to interact with the Web page while JavaScript on
the client minimizes interactions with the server, and information
passing between client and server is done in the background.

For developers not yet using AJAX, any change to a Web page requires a
full client/server interaction. For example, a request to insert a
newly typed item into a list (say, an additional DVD selection into a
Web shopping cart) requires a series of steps: After the new item name
(the DVD title) is entered into a form, it’s passed back to a server.
The server then generates a new Web page. That page is transmitted back
to the client, and the client’s entire Web page screen gets refreshed.
The URL at the top of the Web page reflects the transaction that has
just occurred.

[Figure: The traditional model for Web applications (left) compared
with the AJAX model (right). Source: “Ajax: A New Approach to Web
Applications”]


Interact Locally 

In contrast, in an AJAX-based Web 
application, the interaction looks like 
this: The user types a new item into an 
input box. JavaScript, running on the 
user’s computer, inserts the item into 
the list and refreshes only a few lines 
of the Web page. The server is entirely 
cut out of the interaction, and the URL 
at the top of the Web page doesn’t 
change. 

Even if client/server interaction had 
been needed, say, to retrieve the latest 
discount price for the DVD, that could 
have been done interactively, and the 
response time of the user interface 
would have been more like that of a 
program running solely on the local 
machine. 

The AJAX acronym was born on 
Feb. 18, 2005, when it first appeared in 
a paper titled “Ajax: A New Approach 
to Web Applications” [QuickLink 
a6430], which was written by Jesse 
James Garrett, a founder of Web con- 
sultancy Adaptive Path LLC. The term 
has generated a lot of buzz among de- 
velopers and bloggers so far this year, 
but it’s only the name that’s new. 

In his essay, Garrett points to exist- 
ing Google applications — Google 
Groups, Suggest, Maps and Gmail — 
as examples of the new paradigm in 
Web interaction design. Google Maps 
doesn’t jerk and stall as a user pans the 
field of view across an apparently lim- 
itless map. The older paradigm re- 
quires the user to click on an arrow in 
the requested panning direction, which 
is followed by an hourglass hiatus 
while the map server creates the de- 
sired view and downloads it to the lo- 
cal machine. 

The following technologies and pro- 
tocols used in AJAX had been around 
for a while before Garrett specified 
them in his essay: 


XHTML and Cascading Style Sheets 
(CSS) for presentation. 

Document Object Model for 

dynamic display. 

XML and Extensible Stylesheet Language 
Transformations for data interchange. 
Microsoft’s XMLHttpRequest for 
asynchronous client/server 
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AJAX: 


MVC Redux 


eeeecse eeees 


Some people who follow development 
trends bristle at the suggestion that 
AJAX is anything new, despite the re- 
cent coinage of the term. For them, 
AJAX is just the most recent incarna- 
tion of a model-view-controller (MVC) 
architecture for building applications. 
The roots of MVC can be traced back 
to 1979, when Trygve Reenskaug, a 
researcher working on the Smalltalk 
language at Xerox Corp.'s Palo Alto 
Research Center, first described the 
architectural pattern and its benefits. 

MVC separates an application's 
data model, user interface and control 
logic into three distinct components, 
or objects. This means that modifica- 
tions to the view component (usually 
the user interface) can be made with 
minimal impact to the data model. The 
data model is the domain-specific 
representation of the information on 
which the application will operate. 

The controller mediates between 
the data model and the view. It re- 
sponds to events, which are usually 
actions by users, and changes the 
view or model as appropriate. 

The primary benefit of the MVC ap- 
proach is that it increases the respon- 
siveness of the view component while 
maintaining the stability of the data 
model - no mean feat, given the 
event-driven characteristics of the 
modern graphical user interface. 

Since it requires the separation of 
the model and the controller from the 
view component, the MVC design also 
promotes platform independence for 
programs. The programmer can im- 
plement the data model and the con- 
troller in a cross-platform language 
like C or C++. The toughest part of 
porting the application to a new oper- 
ating system then becomes redesign- 
ing the view. Use of the OS-specific 
language is then limited to controller 
notification of user events and 
changes in the data model. 

MVC and its offspring, such as 
AJAX, are viewed by many as the 
most promising means of unraveling 
the complexities of Web application 
development. 

- Tommy Peterson 
interaction.
JavaScript to run commands 
on the client machine. 


Until recently, however, 
some crucial pieces weren’t in 
place to bring the technolo- 
gies together. As Adam Bos- 
worth, vice president of engi- 
neering at BEA Systems Inc., 
wrote in a recent blog on the 
subject, “The physics didn’t 
work in 1997.” Without the 
wide adoption of broadband, 
Bosworth points out, down- 
loading the required 
JavaScript for local control 
(often as much as 10,000 to 
20,000 lines of code) took 
too long. 

In addition, until a few years 
ago, processors ran too slowly 
for JavaScript. Even if the 
physics had worked, until re- 
cently the same code couldn’t 
have run on all Web browsers, 
Bosworth says. 

Finally, or perhaps most im- 
portant, in Bosworth’s estima- 
tion, personal applications like 
Google Maps and Gmail were 
in the minority of Web appli- 
cations and were in less wide- 
spread use five or six years 
ago than they are today. 


Some Limits 


Not all applications may be 
right for the AJAX approach. 
Skeptics frequently cite 
“breaking the Back button” as 
a serious problem. Because 
AJAX allows Web pages to be 
modified locally and/or incre- 
mentally, clicking on the Back 
button doesn’t necessarily re- 
turn a user to the previous 
page. The Back button may 
take the user all the way back 
to the beginning of a long in- 
teraction — the one specified 
by the URL shown at the top 
of the Web page. 

For the same reason, the URL at the top of the Web page doesn’t completely specify the contents of a page, so it may be impossible to bookmark desired pages or share URLs so that others may see the same Web content. And asynchronous updates, as blogger Alex Bosworth (son of Adam Bosworth) and others have pointed out, mean that a Web page could adjust its shape, layout or length unexpectedly.

Despite those drawbacks, AJAX has generated real excitement with its promise of more-responsive Web interactions. Garrett ends his essay with this Utopian vision: “The biggest challenges in creating Ajax applications are not technical. ... The challenges are for the designers of these applications: to forget what we think we know about the limitations of the Web, and begin to imagine a wider, richer range of possibilities.”

@ 55262 

Matlis is a freelance writer in 
Newton, Mass. He can be reached 
at jmtgpcmcm@aol.com. 


Calendaring App For Smaller Firms

Calendaring and scheduling software vendor Meeting Maker Inc. has released Meeting Maker for Outlook, which is designed to allow small and midsize companies to run Microsoft Outlook without using Microsoft Exchange servers. The release offers Outlook’s standard calendaring capabilities and lets users schedule single or recurring meetings in real time, schedule resources required for a meeting and see calendars in multiple views, said the Waltham, Mass.-based company. The software starts at $949 for a 10-user license.


Dell Adds Switch 
To Blade Servers 


Dell Inc. has added McData
Corp. 4314 Fibre Channel 
switches to its blade server line, 
the Dell PowerEdge 1855. The 
switch was designed to ease 
storage-area network deployment 
in blade server environments, 
said Dell. Fibre Channel traffic is 
aggregated in the switch from a 
daughtercard port on each blade 
server to four uplink ports that 
connect directly to Dell or EMC 
Corp. storage devices or to addi- 
tional Fibre Channel switches. 
Pricing for a single switch begins 
at $8,999. 


SmartDB Releases 
Tool for Oracle 


SmartDB Corp. in Menlo Park, Calif., has announced a new browser-based tool called Reportal. The software allows users of Oracle E-Business Suite applications to define queries and decide how and when query results are delivered, said the integration software maker. By creating an abstract layer of configurable business modules, SmartDB Reportal organizes complex data structures into meaningful “capsules” that are accessible to nontechnical users. The product is shipping now and starts at $30,000 per server.
More Data Makes Your Business Grow

THE JOB of IT departments can be concisely described as having two parts: managing data and advising business people about how the data could be used. As a general rule, there’s little question as to what data might actually be involved in either of those functions. But the exceptions to that rule tend to be both intellectually stimulating and economically important. In surprisingly many cases, the use of new data sources can provide a huge boost to business profitability and success.

Examples abound in both 
the transactional and ana- 
lytic arenas. On the trans- 
actional side, some of the 
biggest opportunities lie in 
the tracking of products and other 
physical objects via radio frequency 
identification (RFID) or, in some cases, 
more active mobile devices. Indeed, if 
you're in an industry such as retail, dis- 
tribution or transportation, that’s prob- 
ably a top-of-mind issue for you and a 
major part of your company’s medium- 
range capital budgeting. Also, compa- 
nies in more and more industries are 
developing miniature commodity- 
trading desks and bringing in invest- 
ment transaction data to support them. 

Less obvious, yet potentially even 
more important, are the possible 
sources of new analytic data. There’s 
data that’s already available for you to 
collect, data that you can buy and en- 
tirely new data that you would have to 
create. There’s conventionally struc- 
tured data, unconventionally structured 
data and data that’s barely structured at 
all. The possibilities are varied enough 
that if you don’t take the time to think 
them through, you may well miss a 
company-changing opportunity. 

In some cases, you just have to notice data that has already fallen into your lap. Search-engine logs tell you of customers’ questions and interests in their own words. General Web-visitor logs give you similar insight. You may have a lot of customer satisfaction and product-quality data sitting around to be text-mined from warranty claims, call center reports and the like. And if a solution could be found to the privacy issues, even more information could be gleaned by voice-mining actual telephone conversations.

In other cases, you can obtain valu- 
able data from third parties. The best- 
known example is consumer data from 
credit reporting companies, which can 
be used for a variety of CRM purposes; 
many other kinds of data can be used 
similarly. Away from CRM, medical 
researchers want to look across data 
banks of patient records to develop new 
treatment insights without the cost, de- 
lay or danger of conventional clinical 
trials. (The privacy problems around 
this kind of research can and will be 
solved soon.) 

But the really mind-blowing possibil- 
ities arise when enterprises deliberately 
set out to create and capture data for 
the primary purpose of using it analyti- 
cally. Here are some examples: 

Loyalty cards, especially in gaming. The casino industry has been transformed by those cards you use to tell the casino what you’re doing and to collect rewards. Both when you’re on the premises and when you're home, casinos market to you very precisely based on that information. Of course, this involves massive data mining, but a huge fraction of the casinos’ profits comes from it.

Location-based analytics. There’s some- 
thing Big Brotherish about supermarket 
shelves that know who you are and 
make offers accordingly, but that tech- 
nology is being tested and deployed to- 
day. Wide use of RFID will greatly ex- 
pand its scope. Privacy concerns do 
need to be overcome, but experience 
shows that consumers can be bribed 
into giving permission for this type of 
effort in return for personally targeted 
marketing offers. 

Extra customer feedback. Smart compa- 
nies should and do knock themselves 
out to get extra feedback to use in CRM 
and product quality analysis alike. Here 
are some ideas for getting that feed- 
back: extra incentives for submitting 
warranty/registration cards; online sur- 
veys with prizes/bribes for participat- 
ing; outbound phone calls to customers; 
forums and other community-building 
efforts; and better customer service of 
any kind (online or over the phone), in- 
ducing customers to consume more of 
it and hence communicate better. 

Price/offer testing. Marketers have long 
been disciplined to test multiple prod- 
uct prices and offers to see what is 
most successful. Analytics in support of 
these tests make the testing more valu- 
able. You can’t estimate demand elas- 
ticity if you make offers at only one 
price point. 

These examples are concentrated in 
CRM and product quality for a good 
reason — those are the main areas of 
business where statistical analysis 
flourishes. As the scope of predictive 
analytics expands, the opportunities for 
profitable data-creation strategies will 
do so as well. @ 55395 


To learn more about this subject, please visit our Web site 
and read Curt A. Monash’s blog: 
www.computerworld.com/blogs/node/512 


BY THOMAS HOFFMAN

ASK MOST IT managers why their organizations don’t regularly conduct postmortem reviews on completed IT projects, and the typical response is, “We'd like to, but we just don’t have the time or resources.”

But that hasn’t stopped organizations such as the Chicago Mercantile Exchange and Solo Cup Co. from regularly reviewing at least a portion of their completed IT projects. And while some of the reviews are done to see if a project met its anticipated objectives, many postmortems are conducted simply to determine what the project teams could have done better.





In this age of austerity, either objective can be a 
win for IT as postmortems prove the business value 
of projects or boost continuous improvement efforts. 

“Each year, you want to do better than the previous year” in terms of project planning and project portfolio management, says Carl Stumpf, director of project and financial controls for the technology division at Chicago Mercantile Exchange Inc. (CME).

But Stumpf is in the minority, according to Gartner Inc. Just 13% of Gartner’s clients conduct such reviews, says Joseph Stage, a consultant at the Stamford, Conn.-based firm.


A POSTGAME PROJECT ANALYSIS BY KEY PLAYERS IS WORTH THE EFFORT

There are a variety of reasons why postmortems aren’t conducted, and some of them are defensive. “If the projects didn’t accomplish what you set out to do, no one wants to go back and disclose that,” particularly if such discoveries end up negatively impacting a project manager’s performance review, says Tom Bugnitz, a consultant at Arlington, Mass.-based
POSTMORTEM PLAYBOOK

WHY THEY'RE DONE: The reasons vary among organizations, but postmortems are often done at the request of business sponsors to determine whether projects met business goals. Sometimes they're launched by the IT department as a lessons-learned/continuous-improvement exercise. Occasionally they're initiated to get wayward projects back on track.

WHEN THEY'RE DONE: They're typically conducted 30 to 90 days after a project has gone into production.

WHO'S IN CHARGE: Generally, the IT department's project management office takes the lead.

WHO CONDUCTS THEM: Often, quality assurance managers or project managers who weren't involved in the project guide the effort.


Cutter Consortium and a partner at The Beta Group, 
a St. Louis consulting firm. 

Ironically, the IT groups that need postmortems the most are probably the least likely to perform them. The notion of conducting a postmortem “would be viewed as a time sink” for an IT organization with immature project management capabilities, since it wouldn't be able to fully grasp the value to be gained, says Margo Visitacion, an analyst at Cambridge, Mass.-based Forrester Research Inc.


Seeking Returns 


But postmortems can pay off for companies that expend the time and resources to execute them properly.


When the CME, a predominantly electronic fu- 
tures exchange, went public in 2002, that placed “a 
lot of the risk on our side” in IT, says Mark Bennett, 
associate director of the project and financial con- 
trols group. To help mitigate some of that IT risk, the 
CME began conducting postmortem reviews on its 
two-dozen largest IT projects in late 2003. 

The exchange uses enterprise portfolio manage- 
ment software from Newport Beach, Calif.-based 
Artemis International Solutions Corp. to help project 
teams go back and evaluate their original objectives, 
risks and assumptions and determine whether pro- 
jections for resources, capital and contractor fees 
were estimated accurately, says Bennett. Those steps 
enable the CME’s project sponsors to better under- 
stand the financial constraints the technology divi- 
sion’s project group faces and help them to better 
balance risk and prioritize projects. 

The reviews have also helped the CME’s project 
teams determine how to improve future iterations of 
software development projects, says Peter Barker, 
director of interest-rate products for the exchange 
and a business sponsor of IT projects. 

He points to an enhanced options system that 
went live last August that enables the exchange’s 
market makers to trade euro/dollar options on com- 
puter screens. One of the “thousand little things” that 
have come out of that project’s review were recom- 
mendations made by market makers to improve an 
application programming interface that allows them 
to send “streaming” prices to trading screens, says 
Barker. Those improvements were put into produc- 
tion in February, he adds. 





WHO IS INTERVIEWED: If the postmortem is technically 
focused, the interviews are usually restricted to IT project 
team members such as developers, testers and project 
leaders. If the postmortem is focused on the achievement 
of business goals, business sponsors and users are often 
included as well. 


WHAT KINDS OF QUESTIONS ARE ASKED: Was the proj- 
ect delivered on time, on budget and within scope? Did it 
meet the business sponsor's expectations? What went 
well? What didn’t? What could have been done better? 


HOW LONG DOES IT TAKE: It's usually completed within a few weeks.
- Thomas Hoffman


But sometimes it takes a while to get the post- 
mortem process right. Meijer Inc., a Grand Rapids, 
Mich.-based chain of grocery stores, began conduct- 
ing postmortem reviews on some of its IT projects 
after it formally launched a program management of- 
fice (PMO) seven years ago, says IT program manag- 
er Jim Morse. But the practice was abandoned after a 
few years when the review process became “too 
picky,” he recalls. 

“We were trying to do metrics and measures and 
turn it into a scorecard, and it got kind of scary,” says 
Morse. That’s because the review process at that 
time was focused too much on metrics and failed to 
evaluate some of the softer but equally important as- 
pects of project success that can’t easily be measured, 
such as trust, commitment and reliability, he says. 


THE 
DRILL 


to be both subjective and objective. 


• Make sure the facilitators steer clear of finger-pointing.

• Be sure the reviewers understand the value of the exercise and what the expectations are.

• Have an independent project management office supervise the reviews. Otherwise, peer reviews tend to favor the styles of the reviewers.

• Include project team members, end users and business sponsors among the interviewees.

• To avoid surprises during the review, conduct periodic audits while the project is under way, focusing on aspects such as the timeline, budget and scope.

• Collect information throughout the project life cycle to help lighten the load at review time.





- Thomas Hoffman 
The project reviews have since been restarted and
are now focused on more-qualitative measures: what 
went well, what didn’t go well, what could have been 
done better and what steps could have been taken to 
improve a project’s quality. 

Meijer’s PMO conducts postmortems on only 
some of its IT projects, since “we just don’t have the 
bandwidth” to examine all of them, says Morse. 
Sometimes they’re done at the behest of senior man- 
agement to determine whether a big project met its 
business objectives. Morse will also occasionally 
conduct a review of a project in progress if he thinks 
it’s running off track. 


No Scapegoats 


One of the big challenges in postmortems is to con- 
vince project managers that they aren’t being made 
scapegoats for problems that might have arisen. 

“The first reaction is, ‘Oh, my project is a failure and now they want to nail me,’” says Morse. “But it’s not an ‘I gotcha’ game.” Used properly, postmortems are an opportunity to review the strengths and weaknesses of how a project was handled and learn from them.

IT project teams at Solo Cup started doing post- 
mortem reviews two years ago on roughly 20% of the 
company’s IT projects. The reviews give IT a “grass- 
roots perspective” on problems that have cropped up 
and help to determine what could have been done 
better, says Richard Wolfson, senior manager of IT 
quality assurance at the Highland Park, Ill.-based 
maker of disposable tableware. 

At Solo Cup, the quality assurance person who is 
assigned to the project runs the review, says Wolfson. 
Most of the reviews examine technical issues: Was 
project planning done effectively, and was it well 
coordinated with business users? Did testing follow 
the proper procedures? Were system defects caught 
quickly during the development phase and resolved? 

If there are only technical issues to resolve, busi- 
ness sponsors are typically left out of the review, says 
Wolfson. But in about a quarter of the cases, their in- 
put is expected to help, so discussions with the busi- 
ness sponsors are included as part of the process. 

The CME’s Stumpf says that aside from helping to 
mitigate IT risk and improving IT product iterations, 
his reviews have yielded additional benefits, includ- 
ing increased visibility for the IT department. 
“There’s a subtle benefit to it,” he says. Business 
managers buy into IT projects much more, because 
postmortems give business sponsors a clearer pic- 
ture of what the IT project group is doing. 

Postmortems can also bring unexpected benefits. 
Last year, Meijer’s PMO reviewed a big replenishment 
system project. The review included interviews with 
the vendors involved. And although its results weren't 
particularly surprising, it did lead to changes in rela- 
tionships with some of the vendors, says Morse. 

But perhaps the most important benefit is one that occurs before the postmortem even begins, says The Beta Group’s Bugnitz: “It forces people to place greater attention on achieving the desired benefits at the front end of the project.” @ 55229

INSTANT REPLAY
Royal Caribbean has opted against conducting postmortems in favor of phase reviews throughout each project:
@ QuickLink 55179
www.computerworld.com
says that while the “discretionary” section of an IT budget can be a frustrating place for technical staff and the business units, “it’s also a place where IT has a chance to improve its reputation

The discretionary budget is a no man’s land that can breed hostility between IT and business. Here's how one IT group brought order to the chaos.


BETWEEN the large strategic projects and ongoing support in your IT budget is the “discretionary” section. The middle is often a safe place to be, but not so in the IT budget. This section funds business requests that occur throughout the year, things like creating reports, changing screen layouts or building an interface between two systems. While the middle can be a frustrating place for technical staffers, it’s also a place where IT has a chance to improve its reputation.

In many companies, the consolidation of IT staffs into smaller, centralized groups has made discretionary work a big issue. Business units that no longer have dedicated IT groups must compete for staff time to implement discretionary projects. The IT staff needs to address these requests while also implementing strategic projects and supporting current applications. The result is often benign neglect, with the IT staff delaying its assessment and implementation of requests and business units feeling stifled and ignored. What’s needed is “grass-roots governance,” a system for receiving and processing discretionary work. Here’s how we created a governance structure for eliminating weak and unaligned discretionary IT projects while helping to identify and implement effective ones.


ELIMINATE THE OLD. Our requests for discretionary work were informal and tended to evolve through a series of difficult and inefficient meetings, phone calls and e-mails. There was no process or criteria to use in judging requests, and business customers considered any attempt to reject one or lower a request’s priority to be hostile.

We first consolidated all requests 
and solicited any pending requests that 
weren't yet submitted. Then we elimi- 
nated about a third of them because 
they were redundant, outdated or irrel- 
evant. This created a starting point for 
both IT and business staffs. 


EXPLAIN YOUR REASONING. The business 
people remembered earlier attempts to 
rank and implement technology proj- 
ects, and those memories weren't good, 
partly because early efforts relied ex- 
cessively on executive-level communi- 
cations. This time, we targeted our 
communications to the people request- 
ing our services — the middle manage- 
ment and staffs of the business units. 
We explained our need to better al- 
locate time, money and staff and our 
mutual obligation as employees to en- 
sure that all projects aligned with com- 
pany priorities. To get a consistent set 
of information from all business units, 
we told them we needed to implement 
a new process and would require a 
standard form for all submissions. 


KEEP IT SIMPLE. We designed a basic form — a Word document laying out the minimum information we needed to objectively evaluate each request. (We later migrated this to an online system.) The form required the requester to explain how the project would increase revenue, reduce costs, comply with the law or simplify doing business.


SELL IT. Then we sold the benefits of the new process to the business by making the following points:

• It would become the standard way for business people to submit work, eliminating their confusion and frustration over not knowing how to present their requests.

• It would save both groups time by eliminating the meetings and e-mails previously required to define discretionary work.

• It would provide them with an official acknowledgment that IT had received and was considering their requests, eliminating the need for constant follow-up meetings to ensure that their projects were addressed.

We told the business people that we needed requests for all work, including projects that they simply assumed would get done. This process forced the business side to recognize the workload impact of annual projects that were previously an invisible contribution by IT, like generating W-2 forms.


MAKE THEM PARTICIPATE. Making business staffers write their own work requests was a big change. We explained that this wasn’t an attempt to dismiss their needs but a way for them to justify the work they wanted us to do. Using a form also made them define the problem instead of specifying a solution.

To assist them, we created seven general categories, or queues, called IT Programs and appointed a project manager as a single point of contact for each one. The queues are broad enough to encompass several departments. For example, Finance includes areas like budgeting, accounts payable and accounts receivable. Associate Services includes human resources, payroll and the company stock plan. Having this queue structure allowed us to receive and process work in a more uniform manner without creating a fragmented bureaucracy.


ASSIGN OWNERSHIP. Each project man- 
ager “owns” a queue and is responsible 
for receiving and managing work re- 
quests as well as leading a monthly 
meeting with the business people. 


Form 





During the meetings, representatives 
of the business staff and technical 
managers from IT review projects. 
They look at the pool of requests and 
consider factors driving each one from 
both a business and an IT perspective: 
internal deadlines, legal changes, re- 
source availability and funding, among 
others. They reference budgets and 
technical road maps to justify the 
decision to implement or reject the 
request. In almost all cases, this team 
decides the priority of each request, 
seeking management guidance only on 
the rare occasions when it’s needed. 

The standing agenda includes a dis- 
cussion of future needs so we can ad- 
just staffing plans in advance instead of 
reacting to unexpected requests. This 
also allows the business people to see 
the effects of additional work on cur- 
rent priorities. 


TAKE IT ON THE ROAD. We introduced the 
process to the business through a se- 
ries of presentations, inviting anyone 
who might ever submit a request. 

We explained what we were doing 
and why and gave a step-by-step ex- 
ample of how to complete a request. 
We gave them our start date, and from 


Don't have a long debate about how to classify your 
work requests. Get fast agreement on some basic infor- 
mation and get started. Terms and categories can evolve 
as needed. Here’s a list of what we require: 


A one-line summary of the requested work that serves as its title - for 
example, “Add Middle Initial to Buyer Name.” Even though an automat- 
ed system assigns a number to the work request, this field becomes 
the common name and is used on reports. Hint: Have your business 
people write the description (see below) before they write the headline; 
they will find the title within their description. 


A broad classification for the area in which the work occurs. These 
already existed for the products we sell, so we created “INTSYS” as 
a global category for our internal systems. 


A subset of the product category, this is the specific area in need of 
work. It might be Accounting or Finance. Our internal systems are 
all handled by a unit called the Competency Center, so we created 
“COMPCTR” for all inside applications. 


A more detailed subset of categories for our internal systems. For ex- 
ample, work for our SAP system can be subclassified as “SAP_AR 
(accounts receivable)” or “SAP_PAYROLL.” 


The person making the request. 


What you want to be done. “Fix it” isn't a specific enough description, 
so in our “road show” we suggested starting with the phrase “ability 
to,” as in “Ability to sort by product number.” 


Why the company needs this work done. For example, “It increases sales, 
reduces cost and improves service.” 
that date forward, we accepted only
requests made with the new form. 


MAINTAIN THE SYSTEM. We review the project list in our weekly IT team meeting. The assigned staffer updates the online form and the system assigns it a status of “submitted.” As the request moves through the system, the status changes automatically until the work reaches a state of “completed” or is at any point “rejected.” It’s important to keep the information current, because an outdated status damages our credibility with the business units.


FOLLOW UP. After we complete a discre- 
tionary project, we send a survey asking 
the requester to rank our performance in 
these five areas on a scale of 1 to 5: 

• Were you satisfied with the product/service delivered?

• Were the benefits/desired outcomes achieved?

• Was the product/service delivered on schedule?

• Did the IT team member demonstrate necessary skills?

• Was the IT team a professional and effective business partner?

We also include a text field to allow 
responses to this request: “Please de- 
scribe what the IT team could do to 
improve its performance in delivering 
future work requests.” 

Results from this survey have been 
overwhelmingly positive and provide 
good feedback on individual perfor- 
mances. They have made previously 
unknown IT accomplishments visible 
to the business and IT management. 
They are proof to management of our 
improved relationship with business 
units and the improved perception of 
IT value. They help justify the time re- 
quired to run the system, and the acco- 
lades give the IT staff a morale boost. 


ALLOW THE SYSTEM TO EVOLVE. Over 
time, we’ve added and modified field 
contents to make the system more ef- 
fective. We’ve experimented with nam- 
ing conventions, classifications and 
rankings as part of a continuing effort 
to better identify and track priorities. 
Some changes worked; some didn’t. 
We're still trying. We haven’t yet found 
the perfect system for discretionary 
requests, but we now have one that 
works pretty well. It has improved our 
business relationships, our reputation 
and our morale. And it has again made 
the middle a safe place to be. @ 55377 





Sullivan is an IT project manager at The 
Reynolds and Reynolds Co. He can be 
reached at john_sullivan@reyrey.com. 
ITAA: IT Doesn’t Look Like America


Most minorities poorly represented; 
women’s presence has fallen since 1996 


THE PERCENTAGE OF WOMEN and 
most racial minorities in the U.S. IT 
workforce continues to lag the per- 
centages of the national workforce, 
according to a study released last 
month by the Information Technology 
Association of America. 

According to the ITAA report, “Un- 
tapped Talent: Diversity, Competition 
and America’s High Tech Future,” His- 
panics, who make up 12.9% of the 
U.S. workforce, accounted for only 
6.4% of the IT workforce in 2004. The 
figure represents a slight increase from 
5.3% in 1996. Blacks, who accounted
for 10.7% of the U.S. workforce in 
both 1996 and 2004, have more pro- 
portional representation in IT than His- 
panics, at 8.3%. But that was a de- 
cline from 10% of the IT workforce in 
2000. However, that doesn’t mean the 
U.S. IT workforce is whiter than the 
overall workforce: There are 6.6% few- 
er whites in the IT workforce than in the 
overall workforce. One of the greatest 
differences between the IT workforce 
and the country as a whole may be in 
representation by Asians. They account 
for 4.3% of the general U.S. workforce 
but 12.1% of the IT workforce. 

Another big difference is the per- 
centage of women. In 2004, according 
to the ITAA study, women made up 
32.4% of the IT workforce in the U.S. 
That represents a decline from a high 
of 41% in 1996. In the overall workforce, the percentage of women rose
slightly, from 46% to 46.5%. The 
ITAA attributed the decline, in large 
part, to the fact that one out of every 
three women in the IT workforce falls 
into administrative job categories, 
which have shrunk significantly in 
recent years. 

In a press release, ITAA President 
Harris N. Miller said the U.S. “can ill 
afford to miss out on anyone with the 
right aptitude, skills and motivation to 
succeed in technical fields.” To in- 
crease the number of women and mi- 
norities in IT, the organization called 
for the following: 


• [illegible] commitment from corporate leadership.
• Increased corporate outreach and mentoring.
• Stronger partnerships between companies and colleges and universities.
• [illegible] arrangements for IT [illegible]


Base: Data in the ITAA’s report is based 
on the U.S. Bureau of Labor Statistics’ 
Current Population Surveys 


[illegible] president and CIO, Keystone Automotive Industries

Arriaga is this month’s guest Premier 100 IT Leader, answering a reader’s question about landing a CIO job. If you have a question you'd like to pose to [illegible], send it to [illegible]


ASK A PREMIER 100 IT LEADER

I have a bachelor of science degree from West Point and a master of science degree from Johns Hopkins. I left

oper. My goal is to become a CIO, but I don’t have anyone to advise me on my next move. Any suggestions?

The day I set my sights on the CIO position, I determined to put a plan in place toward that goal. What I can offer you are my experiences and what I did to prepare myself for the day that office became available to me.

I quickly learned that to be an effective CIO, I would need a balanced skill set in both technical- and management-related areas. I had the technical area covered because I knew I was strong in both infrastructure and software engineering. But management skills set you apart as a candidate for the CIO seat. As IT people, we can be pigeonholed as the “computer guy.” Take management courses and read books on management and leadership principles. You can learn a lot that way.

As you learn, see what you can do to get involved in management-related issues at the companies you work for. I sought out opportunities to participate in meetings and discussions outside of the technical arena. The beauty of IT is that we touch every area of an organization. Departments and business unit owners need IT staff involved to assist with the planning and decision-making process. Most likely, your company's department manager, director or CIO is already involved at this level. Offer your services and become a participant in these meetings and take on additional duties that will allow you to demonstrate the skills you are learning. As you get involved, if there is


ples. I also started to get a better understanding of what it takes to run a company.

Having one mentor, or more, who can help guide you through the executive management forest is also an important part of the building process. Although it’s a plus if this person is a CIO, what's important is that he is in an executive management role with proven experience that he can share. If you don't know anyone, attend computer conferences where you can meet CIOs. Ask them how they became a CIO. You might be surprised; many are open to sharing their experiences without reservation. One or more of the folks you meet may be open to mentoring you, even if it means just being available to correspond on a regular basis. @ 55230
Vielehr Tapped for CIO Post at D&B


Global information provider The 
Dun & Bradstreet Corp. has 
named BYRON C. VIELEHR CIO. 
Vielehr joins the Short Hills, N.J.- 
based company from NorthStar 
Systems International Inc., where 
he served as president and chief 
operating officer. Previously, 
Vielehr served as chief technolo- 
gy officer in the private client 
group at Merrill Lynch & Co., and 
earlier he was CTO and global 
head of e-business for Merrill 
Lynch Investment Managers. 


Spratt Named CIO at McKesson


McKesson Corp., a health care 
services and IT company in San 
Francisco, has appointed RAN- 
DALL N. SPRATT CIO. Spratt re- 
places Cheryl T. Smith, who left 
the company in May. He will re- 
port to Chairman and CEO John 
H. Hammergren and will serve on 
McKesson’s executive committee. 
Spratt has been with McKesson 
for more than 18 years, most re- 
cently as chief process officer for 
McKesson Provider Technologies, 
the company’s medical software 
and services division. 


Pieroni CIO at Aon


Chicago-based Aon Corp., a pro- 
vider of risk management ser- 
vices and insurance, announced 
the appointment of BILL PIERONI 
as global CIO. Pieroni joined Aon
from IBM, where he was head of 
the global insurance industry 
practice. 


Hiniker Appointed 
CTO at Quepasa 


Quepasa Corp., a Phoenix-based 
provider of online products and 
services to Hispanic and Latino 
users, has named AARON HINIKER 
CTO. Hiniker will lead Quepasa’s 
technology group as well as its 
near-shore development capabili- 
ties, which are provided via whol- 
ly owned subsidiary Quepasa.com 
de Mexico SA. 
A Separate IT Capital Pool Makes No Sense


MANY CORPORATIONS separate the allocation of IT capital from the process that allocates corporate capital in general. This approach is misguided. Corporations don’t have IT capital and non-IT capital. Capital should be allocated to the programs or projects with the highest return to the corporation (with obvious exceptions, such as regulatory compliance and not-for-profit endeavors).


All capital allocations 
should come from a single 
pool. This approach allo- 
cates capital more effective- 
ly. It facilitates portfolio 
management by evaluating 
all proposed projects to- 
gether. It allows the compa- 
ny to allocate capital in ac- 
cordance with corporate 
strategy while balancing 
risk and skills across the en- 
terprise. A single pool of 
capital will also accomplish 
the following: 
• Establish corporate priorities. Wrestling with a single
pool of capital forces the ex- 
ecutive team to discuss and 
agree on corporate business 
priorities. This can help you avoid a sit- 
uation like the one a retail client of mine 
found itself in. The company had sepa- 
rated IT investments from corporate 
funding for new-store construction. 
The committee approving store fund- 
ing never considered IT projects as al- 
ternate investment opportunities. As a 
result, the client failed to invest in sev- 
eral IT projects that would have had a 
higher return than building new stores. 
• Facilitate risk management. High-return programs are often very risky,
and most companies have a limit on the 
level of risk they’re willing to undertake 
at once. They may choose to defer some 
high-return programs if the overall risk 
profile gets too high. A single pool of 
capital makes that easier to gauge. 





• Exhibit fiduciary responsibility. Shareholders expect
companies to invest their 
capital where it will pro- 
vide the highest return, 
regardless of arbitrary cor- 
porate divisions or internal 
politics. 

• Improve the quality of business cases across the corporation. Allocating capital from
a single pool provides con- 
sistent criteria for evaluat- 
ing programs and making 
trade-offs. Each business 
case must be robust enough 
to withstand scrutiny at the 
corporate level. This forces 
all programs to be better 
defined, planned and estimated [QuickLink 54603].


• Involve IT early in the project life cycle.
Having a single pool of capital helps 
prevent IT from being excluded from 
“business” projects. One company built 
a number of new manufacturing plants, 
each with a different IT base. Since new 
plants weren’t considered IT projects, 
the IT organization wasn’t involved un- 
til construction of the plants was well 
under way. IT never had the opportuni- 
ty to suggest a common platform for 
the manufacturing systems. As a result, 
the company was left with a chaotic 
and unsupportable IT infrastructure. 
This unnecessary and expensive mis- 
take could have been prevented if IT 
had been part of the capital allocation 
process. 





• Help demonstrate IT's value to business initiatives. Virtually every IT project is
really a business program with an IT 
component. Even most infrastructure 
projects are really undertaken to im- 
prove the support provided to the busi- 
ness as a whole. Funding from a single 
pool of capital clearly demonstrates 
that IT support is integral to the busi- 
ness. (This is especially useful at com- 
panies that don’t value IT’s contribu- 
tion appropriately.) 

• Change the CIO’s role in the funding process. With one capital pool, the CIO
should no longer be the only voice ar- 
guing for IT funding. In most cases, the 
justification should fall to the executive 
sponsor of the corresponding business 
initiative. Similarly, many CIOs current- 
ly run the allocation process for IT cap- 
ital. With a single pool of capital, the 
executive who oversees corporate capi- 
tal allocations, typically the CFO, will 
manage the entire allocation process. 
(In companies with difficult political 
situations, an outside consultant may 
be hired to establish the new allocation 
process and ensure that it’s impartial.) 

• Remove arbitrary limits on IT capital.
When the capital pool available to 
IT becomes the entire capital pool of 
the corporation, specific limits on IT 
capital are essentially eliminated. In 
theory, as long as the proposed pro- 
grams will generate a high enough risk- 
adjusted return, the corporation should 
fund them even if it has to borrow the 
capital. 

A single pool of capital ensures that 
IT program funding is based on busi- 
ness benefits, not technical merits. This 
approach will provide better IT support 
for your company’s business initiatives, 
so persevere beyond the politics and 
push-back. Funding from a single pool 
of capital will leverage your company’s 


available capital resources to provide


the best possible return. @ 55114 


Continued from page 1
UCITA 


cerned about it,” said Kinstlick, 
who maintained that stopping 
UCITA wasn’t enough. 

“If there is a void and UCITA 
is the only thing to take the 
place of the void, this could 
end up being the model al- 
most by default rather than 
choice,” she said. 

UCITA is a software licens- 
ing law that specifies terms 
and conditions for licensing 
contracts. Under the act, un- 
less the parties agree other- 
wise, the default terms apply. 

Its supporters argued that 
UCITA would provide a legal 
framework for online com- 
merce. Opponents said the de- 
fault rules favored vendors 
and created potential perils 
for corporate users, such as al- 
lowing vendors to knowingly 
ship defective products. 

Virginia approved the law 
in 2000, and Maryland quickly 
followed. But opponents — 
especially those in the finan- 
cial services industry — joined 
the state-by-state battle to 
block further adoptions. 

In August 2003, the law’s 
legislative sponsor, the Chica- 
go-based National Conference 
of Commissioners on Uniform 
State Laws (NCCUSL), sus- 
pended efforts to win state 
adoption. 


Alternative Options 

But UCITA can still be used 
as a contract model, said Jean 
Braucher, a University of Ari- 
zona law professor who is 
working with Americans for 
Fair Electronic Commerce 
Transactions (AFFECT) to de- 
velop a model bill. “Eventual- 
ly, we need an alternative,” 
she said. 

The model bill will be based
on a set of principles AFFECT 
developed earlier this year. 
For instance, UCITA all but 
barred any type of reverse- 
engineering of a software 
product. But AFFECT argues 
in its principles that “sellers 





marketing to the general pub- 
lic should not prohibit lawful 
study of a product, including 
taking apart the product.” 

AFFECT’s effort has drawn 
the interest of the Chicago- 
based Society for Information 
Management, an organization 
of nearly 3,000 IT profession- 
als. Phil Zwieg, a SIM vice 
president, said AFFECT’s ef- 
forts will be particularly help- 
ful to smaller companies that 
don’t have the clout or legal 
staff to negotiate a licensing 
contract. 

AFFECT hasn’t decided on 
its next step or whether it will
muster a lobbying effort to 
push for state-by-state adop- 
tion of its model bill. 





Licensing Principles

Americans for Fair Electronic Commerce Transactions has developed a list of 12 principles it believes should govern licensing contract terms. Among them are:

• Ensuring that customers are not bound by terms simply because they visit a Web site or open a box containing a product.
• Making customers aware of nontrivial defects.
• Providing refunds when product is not “of reasonable quality.”
• Barring “self-help” or repossession by remotely disabling a digital product.

NOTE: Full list is at

Regardless, Cem Kaner, a software engineering professor at the Florida Institute of Technology in Melbourne and a longtime critic of vendors’ software licensing practices, said that for corporate users, the licensing model “is a reference point, a basis for speaking in negotiations, for objecting to terms, for saying that I have a standard form to follow.”

Kaner noted that UCITA remains influential. It has been taught in law schools and is already influencing court opinions, even if it isn’t cited by name, he said.

But John McCabe, legislative and legal director of the NCCUSL, said he doubts that UCITA will have much influence on the courts. “The impact of proposed legislation like uniform acts on the case law is highly problematic,” he said. The courts will put emphasis on prior cases, not on statutes that haven't been adopted, McCabe said.

He said it’s highly likely that 
the NCCUSL will again exam- 
ine software licensing and 
computer information issues 
at some point, but not in the 
foreseeable future. @ 55437 





Users Act to Encrypt Mobile Data 


Concerns linger about untested handheld tools


BY JAIKUMAR VIJAYAN 
Companies looking to protect 
data on mobile client devices 
such as notebooks, handheld 
devices and smart phones 

are getting more options to 
choose from. 

Last week, Trust Digital 
Inc., a McLean, Va.-based ven- 
dor of mobile security soft- 
ware, released a new version 
of its technology that’s de- 
signed to allow security ad- 
ministrators to extend and 
enforce access-control and 
encryption policies on mobile 
devices. 

There are several compo- 
nents to the company’s new 
Trust Digital 2005 software. 
One feature allows systems 
administrators to control ac- 
cess to ports such as Universal 
Serial Bus (USB), FireWire 
and Bluetooth. The software 
also lets administrators ensure 
that critical information is 
encrypted when it’s trans- 
ferred to removable media 
such as USB thumb drives 
and writable CDs. 





Trust Digital’s tool is one of 
a small but growing number 
of products designed to give 
companies a way to protect 
data on mobile clients. Anoth- 
er vendor, Addison, Texas- 
based Credant Technologies 
Inc., ships a product that’s 
nearly identical to Trust Digi- 
tal’s tool. And PC Guardian 
Technologies Inc. in San 
Rafael, Calif., offers a technol- 
ogy that allows companies to 
encrypt e-mail and data on 
mobile computers, desktops, 
handhelds and removable 
storage devices. 


Critical Appeal 

The appeal of such technolo- 
gies is that they allow security 
policies to be extended and 
enforced on mobile products 
at a time when a growing 
amount of critical data is be- 
ing stored on such devices, 
said Randy Maib, senior IT 
consultant at Integris Health
Inc. in Oklahoma City. 

As part of its effort to com- 
ply with the Health Insurance 
Portability and Accountability 
Act, Integris is using a tool 
from Credant to protect data 
on mobile devices “by forcing 
authentication and encrypting 


data,” he said. “A secondary 
goal was to discover how 
many mobile devices were be- 
ing used in our environment.” 

The Credant product is de- 
ployed on more than 2,300 
computers used by Integris 
workers, and the goal is to 
have it on all 5,000 desktops 
and mobile devices by the end
of this year, Maib said. 

PepsiAmericas Inc., a 
Rolling Meadows, Ill.-based 
bottler that is partly owned by 
PepsiCo Inc., is using the 
Trust Digital product to pro- 
tect data on over 300 hand- 
held devices used by its sales 
staff in Central Europe. 

The technology lets Pepsi 
encrypt sensitive information 
on the handhelds and control 
what users can do with the de- 
vices, said Laszlo Kovari, a 
PepsiAmericas information 
security manager in Budapest. 

“My idea was to extend the 
same level of protection that 
we provide for laptops and 
PCs to PDAs as well. From a 
pure security standpoint, it 
provides for confidentiality 
and integrity of the data on 
the devices,” Kovari said. 

The $2.5 billion CUNA Mutual Group in Madison, Wis.,
is using similar technology
from Credant to encrypt data 
on more than 600 mobile 
computers used by its field 
sales force. 

The decision to implement 
the technology was driven by 
concerns about theft and acci- 
dental loss of data, said David 
Meunier, CUNA Mutual’s chief 
information security officer. 

“The one thing we are really 
trying to address is the risk 
that mobile technologies, 
specifically laptops, present to 
any business,” said Meunier, 
who is now looking to extend 
the same protection to enter- 
prise handhelds. 

Despite some of the bene- 
fits, there are caveats as well, 
users said. For one thing, 
products from companies 
such as Credant and Trust 
Digital are still fairly new and 
relatively untested, Maib said. 

“Encryption is not a silver 
bullet,” Meunier said. “It adds 
a whole realm of things that 
you need to start thinking 
about.” 

For example, using en- 
cryption to protect data — 
whether full-disk or only par- 
tial encryption — can also 
have performance implica- 
tions and require greater disk 
capacity and investment, 
Meunier said. @ 55434 
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CAN YOUR USERS CHANGE when it comes to security?
Yes, probably. At least that’s what two surveys that 
came out last week suggest. The Pew Internet & Ameri- 
can Life Project polled 1,300 Internet users about spy- 
ware and related problems (the results are online at 
Pewinternet.org). Meanwhile, Computerworld.com columnist Larry 
Ponemon reported on a Ponemon Institute survey of 400 people 
who were victims of a personal data breach [QuickLink 55301]. 
Neither study is intended to be about changing what users do. But 
the lessons they offer in that line are pretty compelling. 
Unfortunately, you may not much like those lessons. 


See, the main thing that’s clear from both 
studies is that fear, anger and distrust are what 
motivate users to change. In the Pew survey, 
91% of users said fears about malware have 
made them change how they deal with e-mail, 
the Web, downloads and even software user 
agreements. And, according to the Ponemon 
survey, most of those whose personal informa- 
tion is leaked will dump the bank, credit card 
or other company that exposed their data. 

So users will change — if they get afraid, 
angry or distrustful. That might be useful in 
getting them to stop doing risky, insecure 
things. But only if you make sure they’re not 
afraid, angry or distrustful in your direction. 

So threatening them with punishment for 
breaking security rules won’t work. Neither will 
trying to force them to obey or lying to them. 
No wonder IT’s standard techniques for getting 
users to behave always fail. They’re exactly the 
wrong approach. 

Then what might work? Beyond fear, anger 
and distrust, there are some other useful in- 
sights to be gleaned from these studies: 

• Users like the personal touch. According to the
Ponemon survey, users who got a 
phone call after their personal data 
was exposed were much more likely 
to trust the company than were 
users who just got a written notice. 

Lesson for IT: Memos don’t work. 
Personal contact is expensive, and 
lots of IT people could use some 
polish on their people skills. But if 
you want to change behavior, you'll 
need to do it one on one. 

• Users drag their feet, but they want a
quick response from others. The Pew 
survey says two-thirds of users will 
wait a week or more before dealing
with a suspected spyware infection, and 20%
will never deal with it. But the Ponemon results 
say users resent any delay in being informed of 
a security breach. Lesson: You need to respond 
fast, then convey that urgency to users so 
they’ll call you as soon as they suspect a prob- 
lem instead of letting it fester. 

• Users pass the buck. Pew says users often
blame friends or family for spyware infections. 
(“Nope, it’s not my fault.”) Lesson: Never mind 
the blame for past problems. Focus on things 
that “we” — meaning users and IT staffers — 
can do to avoid this problem going forward. 

• Users do better with follow-ups. In fact, Ponemon
says that 82% of users expected more help
than they got after their data was exposed. Les- 
son: Don’t do just enough. Don’t tell them just 
once. Remind them. Repeat the message. Then 
check back to reinforce it with a positive spin. 
(“Everything working OK? Still keeping an eye 
out for those bad e-mail attachments?”) 

• Finally, users want more information. Really.
Ponemon says 67% of users thought the infor- 
mation they got after a security breach was 
incomplete or unreliable. Pew says 60% of
users who have spywarelike problems
can’t figure out what’s wrong.
Lesson: Give users that informa- 
tion. Make it straight, clear and 
useful. Ask for questions. Make 
sure users understand your an- 
swers. You want them to clearly 
grasp security threats and the dam- 
age they can do. 

After all, now that you know the 
strongest motivators of change for 
users, you want their fear, anger 
and distrust aimed squarely at 
security threats — where they 
belong. @ 55415 
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Six the Hard Way 
There's a big plasma screen in this hospital emergency 
room that's used as a tracking board, and the PC it's 
attached to is in a nearby closet. An ER nurse watches 
as IT pilot fish pulls the mouse through the doorway 
to adjust the active window on the screen. “We didn't 
know that the mouse cord could stretch that far,” nurse 
tells fish. “Whenever we want to use the mouse, we've 
used two people - one moving the mouse blindly, the
other yelling ‘right,’ ‘left,’ ‘up’ or ‘down.’”
Don't Backup 
Try thsat’ SHARK Sei 
Home! 
This IT shop's TANK im poser 
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